Redazione RHC : 4 August 2025 08:57
We discussed this in an article on the topic some time ago written by Massimiliano Brolli. Today, cybersecurity is no longer an option or an ancillary value: it is a true business enabler. We live in a context in which a ransomware attack can completely paralyze a company, compromise its reputation, and, in the most serious cases, lead to bankruptcy. Today we’ll talk about another story, another company that didn’t make it and went bankrupt after fighting a devastating cyber attack to the last.
The large German company Einhaus Group, specializing in insurance and mobile phone services, has announced the initiation of bankruptcy proceedings.
The cause of the collapse was a cyber attack that occurred in March 2023, the consequences of which the company has never recovered from. recover.
One morning in mid-March last year, company founder Wilhelm Einhaus went to the office and found a horrifying photo. On each printer was a sheet of paper with a message: “We’ve hacked you. Find more information on the darknet.” As it later turned out, the attack had been carried out by the Royal cybercriminal group. The attackers had encrypted all of the company’s computer systems, making it impossible to work without them.
The hackers demanded a ransom of approximately $230,000 in bitcoin to restore access to the data. The management of the Einhaus Group faced a difficult choice. On the one hand, cybersecurity experts strongly advised against paying the extortionists, as this would only encourage their activities. On the other hand, without functioning computers, the company was suffering huge daily losses.
Eventually, the company decided to pay the ransom because the damage caused by the downtime exceeded the amount demanded. According to Einhaus’s estimates, the total damage caused by the attack was in the seven-figure range, or several million euros.
The Einhaus Group was anything but a small company. It had partnerships with large companies such as Cyberport, 1&1, and Deutsche Telekom. Before the attack, it employed 170 people. However, recovering from the cyberattack proved incredibly difficult.
The company had to implement drastic cost-cutting measures. Staff was reduced from over a hundred employees to just eight. At the same time, the remaining workers had to process applications and handle documentation almost manually—it’s hard to imagine how they managed it.
In mid-2024, the company sold its headquarters and liquidated several investments in an effort to stay afloat. There seemed to be a glimmer of hope when German law enforcement arrested three suspected hackers and confiscated cryptocurrencies worth six figures in euros.
However, this news brought little relief to the company concerned. The prosecutor’s office refused to return the confiscated funds until the investigation was completed, despite the Einhaus Group’s desperate attempts to recover their money through legal means. Furthermore, this company is not the only one waiting for the return of the funds: other victims of the same hacker group are in a similar situation.
As a result, three companies related to the Einhaus Group have formally filed for bankruptcy. Liquidation is usually the next step, although it is not always inevitable. Wilhelm Einhaus, 72, said he has no intention of retiring, even if the worst were to happen. He is ready to “start all over again,” he said.
The story of the Einhaus Group is not an isolated case. Last week, the bankruptcy of the 158-year-old British transport company Knights of Old emerged, having failed to survive a ransomware attack. Due to a cyberattack by the Akira group, the company ceased operations and 700 people lost their jobs.
These cases clearly demonstrate how destructive modern cyberattacks can be for companies. Even if a company accepts the hackers’ demands and pays the ransom, this doesn’t guarantee a restoration of normal operations and can lead to financial ruin.
RedazioneThe editorial team of Red Hot Cyber consists of a group of individuals and anonymous sources who actively collaborate to provide early information and news on cybersecurity and computing in general.
