No, this is not about the overall increase in malware and ransomware attacks we’ve been witnessing in recent years. It’s about something that I believe has happened in the last couple of days and is still happening as I write this, yet absolutely nobody mentions it!

Last week, REvil ransomware affiliates were arrested in Romania and Kuwait. The European Union Agency for Criminal Justice Cooperation is happy. Some even believe that BlackMatter, created when both REvil and DarkSide dismantled themselves, is shutting down its operations due to increased pressure from law enforcement.

I see trees of green, red roses too
I see them bloom for me and you
And I think to myself
What a wonderful world.

Yeah, sure.

🤯 Meanwhile, on Nov. 8 the European electronics retail giant MediaMarkt & Saturn suffered a Hive Ransomware attack, with an unrealistic initial ransom demand of $240 million. The group’s 3,100 Windows servers were affected, and the retailer could only sell what was physically in store, with cash payments! As I’m writing this, the “technical issues” reported by Saturn and by MediaMarkt are still ongoing. (In German, read also this and this.)

I’m not buying it, but Here’s what we know about Hive, the group that may have shut down MediaMarkt systems.

What I know is what follows:

  • Several US and multinational companies were hit by ransomware in the hours before MediaMarkt was struck, and other companies continued to be targeted by ransomware and DDoS attacks afterwards. Some were international companies, some others were ISPs (in the case of DDoS). Totally different kinds of attacks, but still.
  • Several German companies in the automotive field were also hit by ransomware this week (say, November 8 to 11). I won’t give names, because not a single one of them admitted having issues, but I have sources saying that big or small, a good number of them were in big trouble. As if they were in the Soviet Union, there’s a total silenzio stampa about these incidents, though. You see, there are stocks to care about.
  • Beyond MediaMarkt and Saturn, other online stores are likely to have been hit. On Nov. 10, Heise’s online shop had the peculiarity that no matter what article you clicked, all you were getting was a “maintenance” page. The issue has been fixed, but how many e-shops were affected without even mentioning the fact?
  • This morning, the 112 and 110 (police) emergency numbers were down in Baden-Württemberg, and, as they announced they’re back on, I had reports that other parts of Germany were still experiencing 112/110 outages. Here’s an article reporting such emergency line outages in the states of Baden-Württemberg, Brandenburg, Mecklenburg-Western Pomerania, Lower Saxony, Rhineland-Palatinate, Saarland, Saxony and Schleswig-Holstein, and in large cities such as Berlin, Frankfurt am Main, Hamburg and Cologne. Officially, they blame it on Deutsche Telekom.

There is something rotten in the state of Denmark. I can surely understand the CEOs who fear the reaction of the Stock Exchange, and who therefore impose the omertà, but how about the Federal agencies such as the Bundesamt für Sicherheit in der Informationstechnik (BSI), the Bundesnachrichtendienst (BND), and the Bundesverfassungsschutz (BfV)? Aren’t they supposed to do something about that? (I couldn’t find anything relevant in BSI’s Cyber-Sicherheitswarnungen.)

In the former USSR, when “nothing happened” (Stalin didn’t die, Chernobyl didn’t explode, there was no coup attempt against Gorbachev, etc.) the state radio and television were broadcasting symphonic music and ballet. Nowadays, how are we supposed to detect when “nothing happens” in a severe way?

Small update: Hoax Email Blast Abused Poor Coding in FBI Website.