German phone repair biz collapses following 2023 ransomware attack
- Reference: 1754304311
- News link: https://www.theregister.co.uk/2025/08/04/einhaus_group_ransomware_collapse/
- Source link:
Wilhelm Einhaus, who heads up Hamm-based Einhaus Group, confirmed the news to regional outlet [1]WA late last week.
The managing director said the company's financial failings were due to the public prosecutor's office refusing to return the stolen cryptocurrency tokens the company paid the attackers.
Authorities seized the ransom payment, reportedly in the high six-figure range, as part of their investigation into the cybercriminals, but the assets were never returned, Einhaus claimed.
"The fact that we, as the proven victims, are not recouping the extorted funds, even though they have been confiscated, has derailed our restructuring efforts," he said (machine translation).
Einhaus Group comprises 13 companies that Einhaus founded in the early 2000s. Three of these businesses have now started insolvency proceedings, including a mobile phone insurance company, a logistics business, and a 24-hour mobile phone repair service, which at one time was offered in more than 5,000 retail stores in Germany.
The business also partnered with major telcos such as Deutsche Telekom and 1&1, generating €70 million in annual revenues at its peak.
However, the [6]Royal ransomware group targeted the company in 2023, and Einhaus recalled walking into the office one morning to be greeted by reams of printouts indicating the attackers had control of his systems.
"We've hacked you. All further information can be found on the dark web," read the pages spewed out by every printer in the office, the managing director said. Staff were locked out of their computers and everyday business was halted.
The downtime that ensued, and the ransom payments made by the company, led to seven-figure losses in total, Einhaus said.
Einhaus aimed to recover the lost funds and revenue through various means, which included selling company property, liquidating investments, and reducing headcount from more than 100 to just eight.
Einhaus Group joins a long list of companies to have been hit by ransomware and later gone on to file for bankruptcy.
[8]As ransomware gangs threaten physical harm, 'I am afraid of what's next,' ex-negotiator says
[9]Ingram Micro confirms ransomware behind multi-day outage
[10]FBI: Watch out for these signs Scattered Spider is spinning its web around your org
[11]UK to ban ransomware payments by public sector organizations
In the same year Royal attacked Einhaus, a UK transportation company, Knights of Old, announced its collapse following an attack claimed by the Akira group. The business had existed for 158 years until then.
Ransomware was also [12]blamed for the demise of vodka giant Stoli's US arm. Two of its US subsidiaries faced $84 million in debts accrued in some part due to a ransomware attack in August last year, as well as a long-running legal feud with Putin, who branded the company as extremists for its support of Ukraine following the invasion.
Finnish psychotherapy clinic Vastaamo also went under in 2021 after its [13]patients were blackmailed using data that attackers stole from its systems a year earlier. ®
[1] https://www.wa.de/hamm/hacker-richten-millionenschaden-in-hamm-an-und-stuerzen-firma-in-die-pleite-insolvenz-93845354.html
[6] https://www.theregister.com/2023/11/14/us_confirms_royalblacksuit_ransomware_ties/
[8] https://www.theregister.com/2025/07/31/ransomware_physical_harm_threats/
[9] https://www.theregister.com/2025/07/06/ingram_micro_confirms_ransomware_behind/
[10] https://www.theregister.com/2025/07/29/fbi_scattered_spider_alert/
[11] https://www.theregister.com/2025/07/22/uk_to_ban_ransomware_payments/
[12] https://www.theregister.com/2024/12/05/putin_ransomware_stoli_group/
[13] https://www.theregister.com/2024/04/30/finnish_psychotherapy_center_crook_sentenced/
Re: You paid them
It may "ought to be a criminal offence" but currently it is not, so is holding on to their money a crime itself?
Re: You paid them
It could be a crime depending on who you pay it to, for example if it is a gang in Russia or North Korea.
This shouldn't really happen.
If someone is hit by ransomware, they should not be charged for losing data to a criminal act. It's like charging a rape victim for forensics and police time.
Their hardware is junk, but that is a relatively small cost, the equivalent of bringing forward the next upgrade forced on them by MS.
Staff can man the phones and take orders - there should always be a Plan B to return to paper.
So, new hardware, reinstalled software, period with fewer orders, back up from offline data. That shouldn't be enough to kill a business. It's the equivalent of a really bad storm.
There are plenty of basic ways to protect yourself from ransomware. Offline backups, encryption, keeping your intranet air gapped from the internet, and using third-party environments for sales (Amazon marketplace/ebay), only using your own website for promotions. A Plan B - paper, phones, staff - is essential, and if your business has any long-term viability, you should be building up a stash of cash for emergencies. You should also have insurance. And, no, you shouldn't give money to criminals, unless you put a tracker or an explosive device in the bag with it.
So what part of that didn't happen for these companies?
back up from offline data
And therein lies the rub: once you've been hit with ransomware, there are two running timers and bank balances:
One for recovering your systems, and getting the business back up and running; while often expensive, the cost directly relates to how good your disaster recovery and backups are, and outside of enterprise, the answer is normally "Not good enough, and this is a bad time to find that out"
The other is for the reputational and financial damage the event causes for you: if you have big liabilities (or even blackmail material), or a more paranoid type of customer, this can snowball into a big problem.
Some businesses can survive one of those; very few outside the multinationals can survive both.
You paid them
You are therefore complicit in funding cybercrime
It ought to be a criminal offence to pay these scumbags, so if all that happened is you didn't get your money back, then you got off lightly.