Categories
General

Germany: GandCrab Ransomware Extortionist Convicted

A state theatre in southern Germany, an internationally operating ransomware ring and a criminal trial in which courts suddenly have to dissect covert ransom negotiations, darknet chats and opaque payment flows – it all sounds more like a screenplay than a day in a regional courtroom.

What makes this case so compelling is that it forces a public institution to explain, under oath, how it managed to stay operational under acute digital extortion, and it exposes the practical roles that specialised cybercrime prosecutors, external IT contractors and potential ransom payments actually play. In doing so, the proceedings open a rare window onto a market that normally operates in the shadows and turn into a case study of how tightly technical, legal and political questions are intertwined whenever ransomware hits.

Categories
Cybercrime

Shutdown of Cryptomixer.io

From November 24 to 28, 2025, German and Swiss law enforcement authorities, supported by Europol and Eurojust, conducted a large-scale operation against the cryptocurrency mixing service Cryptomixer.io. Three servers in Switzerland were seized, the domain was blocked, and cryptocurrencies worth approximately 25 million euros were confiscated. Additionally, more than 12 terabytes of data were secured by investigators. Since its launch in 2016, Cryptomixer.io had been one of the largest Bitcoin mixers, anonymizing transactions by pooling coins from various users and redistributing them in smaller amounts to new addresses. This method disrupts the transaction chain and complicates traceability—a service primarily used in the underground economy and for obfuscating illicit financial flows.

The platform was accessible both on the clear web and the darknet, processing billions in transactions, many of which were linked to illegal activities such as ransomware attacks, drug and arms trafficking, or fraud. After the seizure, authorities placed a notice on the website warning that anyone using the service could face investigation. Whether this warning applies universally or requires nuanced consideration is a key question for those affected.

Categories
Cybercrime Cybersecurity

Cyber pirates: Does the US want to legalize malicious hackers?

Return of letters of marque: The US may be on the verge of taking an unprecedented step in the fight against cybercrime. With the Scam Farms Marque and Reprisal Authorization Act of 2025, Congress wants to revive a centuries-old instrument: letters of marque and reprisal, also known simply as letters of marque. Historically, these allowed private ship owners to capture enemy merchant fleets on behalf of their country.

Now, cyber pirates are to be given similar rights to combat foreign hackers, fraud networks, and state-sponsored cybercriminals. But what at first glance appears to be an innovative solution turns out, on closer inspection, to be a highly controversial undertaking that raises profound legal, ethical, and strategic questions.

Categories
Criminal Defense Cybercrime

Cybercrime criminal defense in Germany: Cybercrime investigations in transition

The way digital investigators work in Germany and Europe today has changed fundamentally—something that not all stakeholders have noticed yet. As a criminal defense attorney, I have been observing how things are changing in my own cybercrime cases for years—in addition to the wealth of information I receive from my network of clients and colleagues. And I can only say: it’s time to wake up. German investigators in particular are extremely persistent and know how to make the most of international instruments. Above all, the special public prosecutor’s offices in Cologne, Frankfurt, and Bamberg must be kept on the international radar.

Categories
Cybercrime Cybersecurity

Understanding cyber diplomacy as a strategic necessity

Cyberwar, cybercrime and the new geopolitics of digital sovereignty: the digital sphere is no longer just a technological terrain, but a battlefield of geopolitical interests. States are vying for influence, companies for market share and non-state actors are using cyberspace as an arena for espionage, blackmail and even digital sabotage – one reason why I keep returning to this topic.

I was interested to read the Handbook for the Practice of Cyber Diplomacy, published by leading experts in the field, which sheds light on the increasing importance of diplomatic strategies in cyberspace. It provides both a historical context and a pragmatic analysis of existing diplomatic mechanisms by which states attempt to bring order to a digitally fragmented global system riddled with power interests.

This is about far more than just cybersecurity: it is about power projection, economic dominance and the question of who sets the rules in the digital space.

Categories
Cybercrime Cybersecurity

Cybercrime in North Korea and the threat to the cryptocurrency industry

North Korea is one of the main drivers of the growing threat to cyber security. At least since the attack on Sony Pictures in 2014, the country has been perceived as a major cyber player on the international stage. Since then, Pyongyang has used its hacking skills to circumvent international sanctions and steal funds.

Pyongyang was able to use the captured funds to finance the development of its nuclear and missile program. North Korea also uses cyber operations for (digital) espionage. The targets are wide-ranging: the operations are directed against universities, human rights organizations and media companies, seek to create discontent or distrust through election fraud, and attack critical national infrastructure. The increasing importance of North Korea in the area of cybercrime and cybersecurity is also the reason why we maintain a separate blog post on the topic here.

As an example, a study by Recorded Future’s Insikt Group paints an alarming picture of North Korean cybercrime. These activities, which have increased since 2017, target the cryptocurrency industry and have enabled North Korea to steal an estimated 3 billion dollars in cryptocurrencies.

Categories
Cybercrime Cybersecurity

Russian hackers and their activities

Russian hacker groups are known worldwide for their sophisticated and far-reaching cyberattacks. These groups are often associated with state support and pursue a variety of objectives, including political manipulation, espionage, economic sabotage and disinformation. Their activities have a significant impact on global cyber security and pose a serious threat to state and private organizations.

The Russian hacker ecosystem is a complex and diverse network of actors, platforms and methods that is used for both financially motivated and state-sponsored cyber attacks. The close links between criminal actors and government agencies make this ecosystem particularly dangerous and difficult to combat. An effective defense against these threats requires a deep understanding of the structures and motivations within this ecosystem as well as international cooperation and robust cybersecurity measures.

Categories
Cybersecurity

Disinformation & AI: The influence of artificial intelligence on elections

In recent years, artificial intelligence (AI) has made enormous progress and developed into a powerful tool that can have both positive and negative effects on democratic processes. While AI has the potential to strengthen democracy and promote political participation, it also poses significant risks, especially in the context of elections.

Categories
Cybercrime

Cyberwar, Disinformation, and Hackbacks: Legal and Strategic Challenges in the Digital Battlespace

The increasing militarization of cyberspace and the rise of disinformation campaigns are reshaping the landscape of national security, law, and public discourse. While terms like “cyberwar” dominate headlines, their legal implications are often murky. At the same time, state responses to cyber threats—notably the controversial notion of “hackbacks”—raise complex questions at the intersection of international law, domestic constitutional limits, and cybersecurity strategy.

This article delves into the tangled terrain of cyber conflict, disinformation, and digital countermeasures, arguing that a nuanced legal and strategic framework is urgently needed.

Categories
Labour law Liability of the management Technology- & IT-Law

IT Forensics in Cyber Incidents: A Legal Guide for Management in Germany

Cyber incidents, whether caused by external attackers or internal employees, present immense challenges to companies. In addition to ensuring business continuity, the forensic analysis of such incidents is essential to minimize damage, identify perpetrators, and collect legally admissible evidence. However, IT forensics operates in a highly complex legal environment. Companies must closely align legal requirements and technical capabilities not only to close security gaps but also to prevail in potential legal disputes.

The pressing questions are: How can incidents be clarified, perpetrators identified, and all legal requirements met at the same time? IT forensics provides essential tools but is not solely a technical discipline. It requires a precise interplay of technology, law, and organizational measures. Management, in particular, is responsible for creating an environment in which IT forensic measures can be implemented effectively and in compliance with the law—ideally before an incident occurs. This article highlights the legal aspects of IT forensics, from threat analysis to securing evidence that is admissible in court.