Ransomware plunges insurance company into bankruptcy

A company, which offered insurance and repair services to cell phone owners across Germany, and generated revenues of up to 70 million Euros (US $80 million) has collapsed following a ransomware attack. 

Einhaus Gruppe, located in Hamm, Nordrhein-Westfalen, was founded in 2003 and had over 5000 sales partners across Germany. 

And yet, despite the company’s success, an attack by the Royal ransomware group became its ruin. As managing director, Wilhelm Einhaus told local press last week, the first he knew of the attack in spring 2023 was when he walked into his office to be greeted by a message on every printer:

“We’ve hacked you. All further information can be found on the dark web.”

The attackers had encrypted the company’s data, and staff locked out of the firm’s computers and servers. 

With access to critical data blocked, work inside the company came to a standstill. The freeze in day-to-day business was estimated by Einhaus to have ultimately cost his company something in the mid-seven-figure range. 

It cannot be an easy decision for any business to make, but Einhaus Gruppe determined that the “least worst” option was to give in to his blackmailers and pay the ransom – thought to be around US $230,000. 

But even if a ransom is paid, there is still damage done – and there can be a significant impact on business due to the disruption caused by both the attack and a sometimes extended recovery.

Desperate for his company to survive, Einhaus said that he intended to recover the funds paid to the blackmailers, and recover the lost revenue, by selling company property, liquidating investments, and reducing staff numbers from over 100 to just eight. 

It must be galling for a legitimate company to be brought to its knees, after years of building up a business, by cybercriminals. 

Einhaus informed the police of the ransomware attack against his company, and – according to reports – investigators have identified three suspects and other possible victims.

In fact, according to Einhaus, the cryptocurrency assets of those alleged to be responsible for the cyber attack were seized by prosecutors as part of the investigation. And yet, to the gall of 72-year-old Einhaus, he says that his ransom payment has not been repaid to his company, and this is the reason for its collapse:

“The fact that we, as the proven victims, are not recouping the extorted funds, even though they have been confiscated, has derailed our restructuring efforts.”

It appears that the prosecutor’s office has refused to release the seized funds to victims until it has completed its investigation. 

Although it is easy to understand that is a painful pill for any victim of the attacks to swallow, it is also simple to see that it would be problematic for the authorities to act in any other fashion. 

As ever, the aftermath of a cyber attack can be considered much worse than day one of a cyber attack. 

All organisations – big and small – would be wise to put layered defences in place and harden their security to ensure that they are reducing the risk, as much as possible, of becoming the next victim of a ransomware attack.

Editor’s Note: The opinions expressed in this and other guest author articles are solely those of the contributor and do not necessarily reflect those of Fortra.