1. Skip to content
  2. Skip to main menu
  3. Skip to more DW sites

German police lift lid on worldwide cyber blackmail gang

March 6, 2023

The international investigation involving the FBI and Europol has revealed details of an international cybercrime gang accused of blackmailing major firms and institutions.

The screen of a computer that has been hacked
In ransomware attacks, hackers lock up a victim's data and demand large fees to return itImage: Frank Rumpenhorst/dpa/picture alliance

Police in the German state of North Rhine-Westphalia (NRW) on Monday shared details of an international network of "highly professional" hackers involved in ransomware attacks.

The group allegedly targeted hundreds of companies, institutions or private individuals, with dozens of victims in Germany alone — including a major hospital and local authority.

What did police reveal about the gang?

Investigators identified at least 601 victims internationally, 37 of which were in Germany, NRW state police cybercrime department head Dirk Kunze said on Monday.

Kunze said the hacker group was a "shadow economy that operates according to supply and demand." He said it had already emerged in 2010 and had started with using extortion software in the gaming scene.

In 2021, the network was said to have attacked, among others, the Düsseldorf University Hospital. A woman who needed urgent treatment at the hospital died after she had to be taken to another city for treatment.

It also targeted the Funke media group and the Anhalt-Bitterfeld district in Saxony-Anhalt, which subsequently declared a disaster situation

German police led the investigation, working alongside the US Federal Bureau of Investigation, Europol, and police in the Netherlands and Ukraine.

Professional recruitment operation

Europol said victims in the United States alone had paid out at least €40 million ($42.5 million) to the gang between May 2019 and March 2021.

The group was said to have specialized in "big game hunting" and ran a professional recruitment operation that asked applicants to submit references about their past cybercrimes.

How can hackers infiltrate systems?

 The investigation identified eleven people — men and women—  for their alleged involvement in the group.

Officers searched buildings in Germany and Ukraine in late February, with police seizing evidence and detaining suspected participants for questioning.

Kunze said arrest warrants remained outstanding for three suspects — two of them Russian —who were beyond the reach of European law enforcement. 

Ransomware is a form of malicious software that criminal gangs use to encrypt data, offering the victim a key to access it again in return for payments.

rc/rt (dpa, AFP)