A leading mobile device insurance and service network has initiated insolvency proceedings in the wake of a cyberattack. Germany’s Einhaus Group was targeted by hackers in March 2023 and is understood to have paid a ransom(ware) fee of around $230,000 at the time, according to Wa.de and Golem.de (machine translations). However, the once large and successful company, with partnerships including Cyberport, 1&1, and Deutsche Telekom, struggled to recover from the service interruption and the obvious financial strains, which now appear to be fatal.
The ides of March
In mid-March 2023, Wilhelm Einhaus, founder of the Einhaus Group, recalls coming into the office in the morning to witness a ‘horrific’ greeting. On the output tray of every printer in the office was a page announcing, “We’ve hacked you. All further information can be found on the dark web.” Further investigations revealed that the hack group ‘Royal’ was the culprit. They had encrypted all of Einhaus Group’s systems, which were essential for the day-to-day running of the business. ‘Royal’ demanded a ransom payment, thought to be around $230,000 in Bitcoins, to return access to the computers.
Of course, with operational systems down, there was an immediate impact on Einhaus. The police were involved promptly. However, the affected firm seems to have decided to pay the ransom, as it could see business losses/damages piling up – meaning continuing without the computer systems was untenable. Einhaus estimated that the hacker-inflicted damage to its business was in the mid-seven-figure range.
Trying to recover
Wounded by the financial impacts of the loss of business and the ransom payment, Einhaus Group went forward with several drastic actions.
According to the sources, it once had a workforce of 170 people. However, due to the hacker action, the 100+ employees at the firm in mid-March 2023 were pruned to just eight (8). How it did this, when it also had to process its usual business administration and claims workloads ‘by hand,’ is hard to fathom.
The afflicted firm also sold its headquarters building in mid-2024 and liquidated various capital investments in an attempt to overcome its rough patch.
Law enforcement seizes, but continues to hold the ransom cash
Einhaus thought it saw light at the end of its dismal tunnel after it found out that three hacker suspects had been apprehended by German law enforcement.
In addition to any satisfaction that the likely ‘Royal’ perpetrators would face justice, the public prosecutor’s office seized “crypto assets in the high six-figure euro range,” according to news sources in Germany.
This wasn’t the medicine that Einhaus Group needed, though. The firm was desperate to recover its ransom funds, but the prosecutor’s office refused to release the money until it had completed its investigation. Other ransomware victims continue to wait for refunds, too, we understand from the sources. It seems unlikely that those affected by the cybercriminals will recover all their funds, as the perpetrators will undoubtedly have spent some of the stolen money.
Einhaus Group has been attempting to sue for the return of its funds, but the authorities have rejected its pleas. Now, three companies associated with the group have formally entered insolvency proceedings. The next stage is often liquidation, but that isn’t inevitable. Last but not least, Wilhelm Einhaus (72) insists that he will not retire if the worst happens, according to a report by Wa.de. Instead, he will “start afresh.”
UK’s 158-year-old haulage company faced a similar fate
Last week, we reported on a venerable 158-year-old UK-based transportation company collapsing in the wake of a ransomware attack. Northamptonshire-based Knights of Old (KNP) trucks are now off the road, and 700 people have lost their jobs, mainly due to a money-grasping cyberattack, named ‘Akira’ in a BBC report.
Follow Tom’s Hardware on Google News to get our up-to-date news, analysis, and reviews in your feeds. Make sure to click the Follow button.
