Company struggled to survive, blaming financial failings.
The German mobile phone repair and insurance business Einhaus Group has begun insolvency proceedings.
According to media reports, citing German media, a 2023 ransomware attack has continued to affect the business, with managing director Wilhelm Einhaus saying the company’s financial failings were due to the public prosecutor’s office refusing to return the stolen cryptocurrency tokens it paid the attackers.
The Register reports that authorities seized the ransom payment as part of their investigation into the cybercriminals, but the high six-figure assets were never returned.
The downtime that ensued, and the ransom payments made by the company, led to seven-figure losses in total, Einhaus said, who tried to recover the lost funds and revenue through various means, including selling company property, liquidating investments, and reducing headcount from more than 100 to just eight.
Recent research found 75% of business leaders admitted they would still make a payment if it were the only way to save their company, even if criminal penalties were in place.
Proposed legislation would make it illegal for public sector and critical infrastructure organisations to pay ransoms, while private firms would be required to notify authorities if they intend to do so.
Darren Thomson, Field CTO EMEAI at Commvault, said that while a no-pay policy helps to minimise the ransomware economy, it is also vital to consider cyber readiness, proactivity and recovery as a top business priority.
“In order to achieve this, organisations must consider regular testing of their isolated recovery environments, clearly defined roles and responsibilities amidst a crisis, what systems make up their minimum viable company and the correct incident response tools,” he said. “With all of these considered, this may reduce the likelihood of ever needing to consider paying a ransom.”
Written by
Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show.
Outside work, Dan supports Tottenham Hotspur, manages mischievous cats, and samples the finest craft beers.
