Lower Austrian community targeted

Hacker traces lead to the Kremlin

Moscow is said to be behind global cyberattacks.(Bild: AFP)

Huge strike against a worldwide Russian network of blackmailing hackers. Meanwhile, the trail of a cyber attack on the municipality of Korneuburg (Lower Austria) also leads to the Kremlin. Lockbit in particular is regarded as a highly dangerous computer crime group.

As reported, the computers of the municipality on the outskirts of Vienna were recently practically paralyzed. Even funerals were stopped because no applications for official documents were possible. However, the data could be backed up and the system is slowly starting up again.

As cyber specialists were able to determine, traces in the network lead to Moscow. The hacker group Lockbit, based in Russia, is believed to be behind the professional attack, which is also said to repeatedly assert the interests of the Russian state.

The hackers' website was taken over by the authorities.(Bild: HANDOUT)

The town hall in Korneuburg is also said to have been targeted by Russian cyber criminals.(Bild: Huber Patrick)

Authorities hacked into hacker group
Behind this is a globally active group of internet blackmailers who encrypt data with malware and only release it again after ransom payments or sell it at the click of a mouse. This time, however, the hackers themselves were hacked during "Operation Cronos". The US Federal Bureau of Investigation (FBI), in cooperation with international and European authorities - in Austria, the Federal Criminal Police Office and the Directorate of State Security and Counter-Terrorism (DSN) were also involved - succeeded in taking over the cyber criminals' website.

The close cooperation between the municipality of Korneuburg and the Office for the Protection of the Constitution is crucial in the international investigation.

ÖVP-Innenminister Gerhard Karner zum Cyber-Angriff

"Two thirds of our servers have already been decrypted. However, data from January 28 to February 2 is still missing. The work on the network will continue for months", Korneuburg Mayor Christian Gepp announced on Tuesday. The damage is estimated at more than 100,000 euros, including the involvement of external IT specialists and overtime by municipal workers.

Lockbit and the notorious hacker group APT 28 (the abbreviation stands for "Advanced Persistent Threat"), which is also controlled by Moscow, have been highly active in recent years, particularly since the start of the war in Ukraine. In addition to German government agencies and hospitals, for example, the computer networks of large foreign companies have been attacked or infiltrated in large numbers. After all, data is the new gold. In addition to political destabilization, it can be used to make a fortune. In America alone, at least 1700 organizations are said to have become victims since 2020.

Russian cyberattack on foreign ministry too
The domestic Foreign Ministry was also targeted by Putin's hacker army four years ago. Technicians and the criminals in the network fought fierce cyber battles for weeks until the attack could be repelled

The ruthless Lockbit criminals are attacking on the darknet from Tsar Vladimir Putin's Russian empire.(Bild: overrust - stock.adobe.com)

"With their ransomware, these attackers are encrypting the computers of thousands of companies and organizations worldwide," warns cybersecurity expert Dr Cornelius Granig. The perfidious method: those behind the attacks have built up a strong presence on the darknet and also rent their malware to other criminals, with whom they share the proceeds. All those involved remain anonymous - so that the perpetrators cannot identify each other.

Reputable company on the notorious Darknet
According to Granig, Lockbit acts like a company to the outside world and even has an unnamed press spokesperson. Uninhibited advertising: "No laws apply to us, we work on the darknet. Anyone can do what they want there."

Cybersecurity expert Dr. Cornelius Granig(Bild: klemens groh)

But how does ransomware work? Phishing emails are used to steal access data from computer systems whenever users carelessly click on links and disclose information. The attackers then gain access to external networks and steal data. They then encrypt the systems they have taken control of and demand a ransom in cryptocurrencies to unlock them.