In 2022, ransomware was one of the top 3 threats in the economy (source: German Federal Office for Information Security). The resulting economic damage is growing every year and in Germany alone was already over 24 billion euros in 2021.

Attempts to attack companies with malware are omnipresent, and we are no exception: every year, REWE's email systems block an average of 70,000 emails containing malware of all kinds. Ransomware is particularly lucrative for criminals, as they can use this malware to encrypt data and demand a ransom from companies.

This has now developed into a flourishing business model. And the extortionists go one step further: they sell or rent their malicious software to other criminals. A ransomware-as-a-service model, so to speak. In this way, other people without major technical skills can also use these programmes, hijack data and extort money. This significantly increases the number of attacks once again, as virtually "anyone" can take advantage of this model.

Ransomware now affects every industry and every other sector, for example government organisations. The criminals often do not proceed indiscriminately, but look for financially strong victims with a high annual turnover. A correspondingly high ransom is then demanded.

The malicious code often reaches the computer via an infected attachment or link in an email and opens the virtual door to the outside world, so to speak. Once this door has been opened, the attackers then spread through the company network step by step, secretly and quietly, and identify the "cream pieces" of data that appear particularly valuable and could bring a high ransom if they were encrypted or published. Then the actual attack begins, when the ransomware is deployed.

The emails are now so well forged that they are not easy to detect once they have slipped through our filter systems. The attachments sent along can be dangerous. At first glance, they appear harmless, for example as .doc, .xls or .pdf. However, these everyday file changes actually conceal malware that even virus scanners often fail to recognise. Macros in particular - these are actions in a file that can be executed as often as required - should not be activated carelessly.

Regardless of whether you are sure that it is phishing or just have a suspicion: Suspicious emails should always be reported via the "PhishAlarm" button in Outlook.

Phishing attacks are no longer limited to e-mails and laptops or PCs. Mobile phones are increasingly becoming the focus of attention. Anyone who has received a text message with the text "Hi mum, I've changed my phone number" or a parcel notification in recent weeks has also been targeted by cyber criminals who, after the grandchild trick, are now using the child trick. Such attempts to install malware on smartphones also end up on company mobile phones. Caution is therefore always advised here. If you're wondering, "Where did they get my number?": There are many mobile phone numbers circulating on the darknet that have been captured in attacks by platforms, or number combinations are randomly tried out.