Since the end of 2017, the perpetrators' approach to ransomware attacks has changed.
As the Federal Criminal Police Office (BK) announced in a press release, the perpetrators' approach to ransomware has changed since the end of 2017. Until now, phishing emails with links to malware or with file attachments were responsible for encrypting devices, but the attacks are now mainly carried out via remote maintenance tools. The police provide information.
Since the beginning of the year, the experts at the BK's Cybercrime Competence Center (C4) have identified a new approach used by the perpetrators. In the past, encryption software was primarily distributed via crafted emails, through security vulnerabilities in web browsers or through unwitting downloads from the Internet.
The malware is now preferably introduced into networks via remote maintenance tools, such as Remote Desktop Protocol (RDP) interfaces, and the data there is then encrypted. RDP interfaces are used to control a remote computer and display its screen content, for example by a company's field representative or an IT technician.
The perpetrators primarily target small and medium-sized companies whose interfaces are inadequately secured or protected only with simple passwords. The access data is cracked using special software in order to penetrate the victims' systems and encrypt the data. After the infection, the victims receive a message with the blackmailer's instructions on how to transfer the ransom money.
Monetary demands
The perpetrators' demands for money have also changed. In the past, the perpetrators demanded fixed amounts of money to decrypt a device. Now, after a prior assessment of the victims' financial possibilities, the amount of the ransom is agreed individually. Demands of up to 30,000 euros are known.
General information about ransomware
Ransomware is a collective term for malware that is specifically designed to encrypt electronic data and systems so that they can no longer be used. A ransom is then extorted for decryption, usually in the form of the virtual payment method Bitcoin or through prepaid cards. Both forms of payment are anonymous, making criminal prosecution more difficult. Both private individuals and companies, authorities and other organizations are affected.
Dedicated special commission in action
Due to the increase in extortion through ransomware, the special commission (Soko) Clavis was set up in C4 of the BK at the beginning of June 2016. The team currently consists of six employees. They take over all ransomware cases reported nationwide. Due to its international nature and complexity, this form of crime requires central processing so that individual crimes can be assigned to a series or a group of perpetrators. Soko investigators process around five reports per week. This is a significant reduction compared to the previous year, with an average of 20 reports per week.
Help with decryption programs
The website www.nomoreransom.org was created by Europol in cooperation with the Federal Criminal Police Office (BK) and private and executive partners and supports victims of digital blackmail in restoring their data. The platform is now available in 14 languages and offers dozens of different decryption programs for free. Those affected can obtain information on the site.
Crime prevention tips:
- Change your login details regularly and use different and complex passwords for different accounts and applications. Complex, long passwords with uppercase and lowercase letters and special characters are important.
- Do not use standard user IDs such as user1 or Admin001.
- Use firewalls.
- Limit access using IP whitelisting.
- Check whether you actually need remote access via RDP. If not, turn this feature off.
- Have a backup strategy. After the backup, disconnect the backup medium from the system and remove share links to the backup servers to prevent the malware from spreading to them.
- Limit the user rights of each user as much as possible and only work under the administrator account if this is absolutely necessary.
- If you have become a victim, please file a report at any police station.
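The RDP-related tips above (turn RDP off if it is not needed, firewall it, allowlist source IPs, avoid standard user IDs) can be checked on a Windows host with a short PowerShell audit. This is an added example, not part of the police press release; the allowlist addresses and the account-name pattern are constructed assumptions, and the firewall group name assumes an English-language system.

```powershell
# Added example: audit local RDP exposure against the tips above (run elevated).
# $AllowedSources is a constructed placeholder (RFC 5737 documentation range).
$AllowedSources = @('203.0.113.10', '203.0.113.0/28')
# Assumed pattern for "standard" user IDs such as user1 or Admin001.
$GenericNames = '^(admin|administrator|user|test|guest)\d*$'

$ts = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'

# fDenyTSConnections = 0 means incoming RDP connections are allowed.
$rdpEnabled = (Get-ItemProperty -Path $ts -Name fDenyTSConnections).fDenyTSConnections -eq 0

# Enabled inbound rules of the "Remote Desktop" group that accept any source address.
# The display group name is locale-dependent; 'Remote Desktop' assumes an English system.
$openRules = Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue |
    Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' } |
    Where-Object { ($_ | Get-NetFirewallAddressFilter).RemoteAddress -contains 'Any' }

# Enabled local accounts with predictable names.
$genericAccounts = Get-LocalUser |
    Where-Object { $_.Enabled -and $_.Name -match $GenericNames }

[pscustomobject]@{
    RdpEnabled       = $rdpEnabled
    RulesOpenToAny   = @($openRules).Count
    OpenRuleNames    = ($openRules.DisplayName -join '; ')
    GenericAccounts  = ($genericAccounts.Name -join ', ')
} | Format-List

# Remediation helpers (hypothetical names, defined here only; call them deliberately).
function Disable-RdpAccess {
    # RDP is not needed: refuse connections and close the firewall rules.
    Set-ItemProperty -Path $ts -Name fDenyTSConnections -Value 1
    Disable-NetFirewallRule -DisplayGroup 'Remote Desktop'
}

function Set-RdpAllowList {
    # RDP is needed: accept connections only from the allowlisted sources.
    Set-NetFirewallRule -DisplayGroup 'Remote Desktop' -RemoteAddress $AllowedSources
}
```

The host firewall is only one layer: the same allowlist also has to be enforced on the perimeter firewall or router if port 3389 is forwarded from the Internet.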
References:
Source: Federal Criminal Police Office

