Ransomware incident at Oettinger brewery

Cyber criminals have attacked the Oettinger brewery. They have apparently encrypted and copied data in order to blackmail the company.

An entry about the Oettinger brewery has appeared on the darknet website of the criminal online gang RansomHouse, in which the perpetrators claim to have penetrated the IT systems on April 19. According to the entry, they encrypted the company's data. As evidence, they uploaded a directory structure and documents. These included sensitive information, with one directory indicating warnings for employees.

Overlying directories dated April 20, 2025, for example, refer to shipping and logistics, the individual company locations, the vehicle fleet, warehouse management, quality management systems and more.

Oettinger brewery: investigations underway

In response to our inquiry, the Oettinger brewery commented on the IT incident as follows: "We are currently investigating the cyber attack on Oettinger Getränke together with IT forensic experts, the data protection authority and cybercrime specialists. The same applies to the issue of data leaks. For tactical investigative reasons, we are unable to comment further at this time. Production and logistics are not affected by the cyberattack."

The company thus confirms the intrusion into its corporate IT. While the supply of beer and drinks has been secured, communication, for example via email, was apparently temporarily disrupted.

Please also read:

Topic page on ransomware on heise online

Attacks on IT by criminal gangs, in particular with the extraction of data and encryption using ransomware (also known as "double extortion") after successful break-ins, remain commonplace. However, it now mostly affects smaller medium-sized companies, which is why there are fewer reports about it in the media. This could be one of the reasons why ransom payments following such ransomware attacks fell significantly in 2024, as the company Chainalysis found out in a study.

(dmk)