Two weeks after a ransomware attack struck the Oettinger Brauerei GmbH, the German brewing group is still dealing with the aftermath. According to internal estimates, cleanup efforts could stretch into the height of summer. Despite this, the supply capability of the group—responsible for around 1.8 million hectoliters at its main site and about 7 million hectoliters in total—remains unaffected, the company officially confirmed.
The cyberattack occurred on April 19, 2025, and was carried out by the criminal hacker group RansomHouse. On its darknet site, the group posted a file directory and documents as proof of the breach. These included sensitive internal data, such as employee warnings and logistics information dated April 20, pointing to access to various business areas, including shipping, site management, fleet operations, warehouse systems, and quality control.
The brewery confirmed the attack and stated that it is working with IT forensic experts, data protection authorities, and cybersecurity specialists to investigate the incident and potential data leaks. However, details remain confidential due to ongoing investigations. According to the company, neither production nor logistics were impacted, although communication systems such as email were temporarily disrupted.
This attack highlights the continued threat posed by ransomware, particularly the "double extortion" method of encrypting and exfiltrating data. While large corporations remain high-profile targets, increasingly mid-sized companies like Oettinger are being affected. Recent trends indicate a decline in ransom payments in 2024, possibly due to reduced media coverage, as observed by the analytics firm Chainalysis.
