The global computer virus WannaCrypt - nicknamed WannaCry - shut down more than 230,000 computers in 150 countries over the weekend. But in Germany, at least so far, it has been a nuisance rather than a catastrophe. At train stations, some arrival and departure screens have malfunctioned, a few ticket machines stopped working, and so forth. Deutsche Bahn, Germany’s state-owned railway operator, said that actual traffic was not affected. No sweat.
That raises the question why Germany has been emerged relatively unscathed from a cyber-attack that Europol has called unprecedented in its global scope. Do the Germans know something that the rest of the world does not?
The advantage Germany may have is the conservative regulatory environment around digital experimentation and data protection.
The short answer: No. The longer answer: German companies and institutions, even though they are by no means immune to hacker attacks, may have certain advantages. In this case, it is important to understand how the "ransomware" worked and what vulnerabilities it exposed.
Vulnerable computers included any that run a Microsoft operating system, or about 80 percent of all computers in the world. Microsoft had already fixed the vulnerability with software updates released in March and again last week. But those patches only protected users and firms that had applied them. Firms with old versions of Microsoft's operating systems would not have received the patch unless they paid for expensive “custom” support. (Now, after the weekend's attacks, Microsoft released free patches for the older software systems too.)
For example, Britain's National Health Service still uses the older Windows XP system and did not sign up, or pay, to get the extra customer support. When the hackers exploited that vulnerability, hundreds of British hospitals and clinics were unable to conduct surgeries and other medical procedures and ambulances had to be re-routed.
As experts have pointed out, a big part of the problem with updates isn't even the price of software or an incompetent IT department - it is about the peripheral equipment. For example, hospitals have a lot of other equipment connected to their IT systems, each with its own software. Updating the overall operating system could, for example, interfere with a medical monitor attached to a patient on life support.
Some of this peripheral infrastructure -- in water processing plants, for example -- was installed in the 1970s, says Marco Gercke, director of the Cybercrime Research Institute in Cologne. These old systems often use software that is obsolete. But Mr. Gercke thinks that German firms tend to have a better relationship than others with the manufacturers of such equipment. In some cases, the suppliers of old systems already updated their infrastructure to Windows 10, the newest version.
The other advantage Germany may have in this area is the country's conservative regulatory environment. "A lot of experimental software - in the style of Silicon Valley - wouldn't work here because of Germany's regulations," Mr. Gercke explains.
Of course Germany is not safe from hacker attacks. Last February a number of German clinics and hospitals had their databases disrupted by a virus, and in the summer of 2015 an unnamed hospital in North Rhine-Westphalia was infected by Cryptowall ransomware.
Nor is the problem going away any time soon. Copycat versions of WannaCry are already in circulation and Germany’s Federal Office for Information Security, better known by its German acronym BSI, now describes ransomware, where hackers demand payment in return for ceasing their attack, as a well-established business model. According to the consulting firm KPMG, 19 percent of German companies were victims of ransomware attacks in the past two years, a fourfold increase. In fact, local digital security analysts say that is quite likely the WannaCry virus affected more German computers than currently detailed. Unless a company had to, they would not necessarily reveal their security vulnerabilities to the media, they say.
Ransomware attacks often reveal deeper security problems too, according to Tilman Frosch, managing director of G-Data Advanced Analytics in Bochum. Hackers could use the vulnerabilities exploited by ransomware to conduct espionage or download sensitive design plans without detection, Mr. Frosch said.
"It is a renewed wakeup call for companies to finally take IT security seriously,” said Arne Schönbohm, the president of the BSI, “and take sustained defense measures.”
Ina Karabasz is an editor at Handelsblatt's companies and markets team, covering telecommunications, IT and security issues. Sandra Louven is head of companies and markets at Handelsblatt and reported from Madrid. Christof Kerkmann is an editor for Handelsblatt and writes about the technology sector. Cathrin Schaer is an editor with Handelsblatt Global. To contact the authors: [email protected],[email protected]m, [email protected]