Experts: AI turbocharging cybercrime, Germany a hotspot for ransomware

Germany faces turbulent times ahead due to the growing threat of AI-driven cyberattacks, the head of the country's cybersecurity authority warned at a conference in Potsdam outside Berlin on Wednesday.

Claudia Plattner, president of the Federal Office for Information Security (BSI), said a "new era of cybersecurity" had begun to some extent. The coming years would be "very bumpy and turbulent," she said, as artificial intelligence (AI) was expected to lead to a rise in cyberattacks.

"With AI, we are at the beginning of what is coming our way in the next few years," Plattner said. Cybercriminals were using AI to identify vulnerabilities in IT systems more quickly, she added. 

The heads of Germany's security authorities were gathering on Wednesday at the Hasso Plattner Institute for the National Cybersecurity Conference.

Security authorities push for powers to fight back

Sinan Selen, president of the domestic intelligence agency, the Federal Office for the Protection of the Constitution, said: "Cyberattacks are already the seismograph for geopolitical tensions. That seismograph is going off massively here." 

Defending against cyberattacks was becoming increasingly complex, making it all the more important for security authorities to be closely networked, he said. The aim was to neutralize attackers' infrastructure at an early stage so that damage did not occur at all.

Beyond preventive measures, the government wants to allow "active cyberdefence" in future. 

The deputy president of the Federal Criminal Police Office (BKA), Marina Link, said the ability to intervene defensively was currently lacking - authorities had to wait "until the damage was already done." She expressed the hope that this would change before the end of the year with the cyberdefence law currently going through parliament.

The federal and state governments also brought a Joint Centre for Countering Hybrid Threats into operation last week. In the view of experts, Russian activities have heightened the threat level for Germany. Espionage, cyberattacks, sabotage and information manipulation are considered typical instruments of hybrid threats.

Expert: Germany a ransomware hotspot

Germany is also a prime target for ransomware attacks, with cybersecurity expert Christian Dörr of the Hasso Plattner Institute describing the country as Europe's "hotspot." 

Ransomware attacks involve malicious software that encrypts data and systems, with cybercriminals seeking to extort ransom payments.

"The ransom demands from criminals average hundreds of thousands of euros. On top of that comes weeks of downtime until everything is running again. That can drive a company into bankruptcy," Dörr said. 

He added that awareness of cybersecurity in Germany was lacking. "We have been lagging behind in international comparisons for many years."

According to the BKA, 1,041 cases of ransomware attacks and other forms of data theft linked to extortion were reported across Germany last year, up from 950 in 2024.

Cybercrime is a global business, but traces very frequently lead to Russia, Dörr said. He said there was "little risk of prosecution and extradition" there, as long as criminals choose their victims outside Russia.

In recent years, an increasing entanglement between cybercriminals and state actors could be observed, Dörr said. "On the one hand because states have discovered this as an additional source of income for themselves, but also because perpetrators come from the ranks of these countries' offensive cyber warriors and can 'earn a little extra' after hours," he said.