Cyberattacks, Data Encryption, Extortion - How Cybercriminals Operate | DW Documentary
Why It Matters
Ransomware’s evolution into a service‑driven crime economy means any organization with internet‑connected assets faces existential risk, making proactive cyber resilience a board‑level priority.
Key Takeaways
- Ransomware attacks begin with social engineering or vulnerability scanning.
- Double extortion adds data theft to encryption, increasing pressure.
- Companies often lack clean backups, significantly prolonging recovery.
- Hackers operate like businesses with HR, pay, and rules.
- Undercover investigations can expose ransomware groups and aid law enforcement.
Summary
The DW documentary examines how modern ransomware gangs infiltrate corporate networks, extort victims, and monetize stolen data, using the 2025 Bosard Farbin plant breach and the LockBit syndicate as illustrative case studies. It details the two primary entry vectors—phishing‑style social engineering and automated scanning for unpatched services—followed by privilege escalation that enables mass encryption and the newer "double extortion" tactic of exfiltrating sensitive files before locking them.
The film highlights the staggering financial stakes: attackers demand half a million dollars in Bitcoin, while global ransomware losses exceed $1 billion annually. Victims often discover that backups are also compromised, forcing crisis teams to scramble for the most recent clean snapshot. The narrative underscores the professionalization of cybercrime, noting that ransomware outfits maintain HR departments, payroll cycles, and even geopolitical rules that spare former Soviet states.
Key moments include John Deaggio’s undercover infiltration of LockBit, his 70‑page dossier that triggered worldwide law‑enforcement attention, and the eventual indictment of the group’s Russian leader. Bosard Farbin’s IT staff endured sleepless nights, emotional distress, and a race against a 12‑day ransom deadline, ultimately restoring a seven‑day‑old backup after forensic analysis traced the breach to a weak remote‑access credential on a forklift terminal.
The documentary warns that ransomware is no longer a fringe threat but a structured industry demanding robust cyber hygiene, segmented network architectures, and immutable backup strategies. For executives, the cost of prevention—regular patching, employee training, and zero‑trust controls—remains far lower than the operational and reputational damage of a successful attack.