IMAGE SOURCE INSTAGRAM: @einhaus.group

From successful model to insolvency case - at the click of a mouse?

What began with a vision is now ending in chaos: the inventor of cell phone insurance in Germany, Wilhelm Einhaus, is on the verge of going out of business with his company. The reason for this is not a management error or a change in the market - but a cyber attack. An attack like the ones you see in movies - only in this case, it's not Hollywood but Hamm in Westphalia that is writing the script.

With its services such as the 24-hour cell phone replacement service, Einhaus once made over 70 million euros in sales per year. Now eight employees remain - and the hope of making a new start.

The perfidious power of hackers: "Royal" ransomware paralyzes everything

The nightmare began in spring 2023, when servers were encrypted overnight, systems were paralyzed and data was blocked. Every printer in the office had a printout with the following message: "We've hacked you. More information on the darknet."

The perpetrators had infiltrated the "Royal" malware - a highly dangerous ransomware tool that completely blocks IT infrastructure. Einhaus immediately called in the police and the State Office of Criminal Investigation. But it was too late: access to contract, billing and communication data was gone. And the company was at a standstill.

Apparently, the only way to get the data back is the one that nobody wants to take: paying a ransom in Bitcoin. There is no word on the exact amount. The only thing that is clear is that the damage is in the mid seven-figure range.

Fight for survival: Liquidated, sold, dismissed

In order to keep the business going, capital investments were liquidated, the company property was sold and over 90 employees had to leave. But even that was not enough. Another shock followed: The six-figure crypto assets seized in the course of the investigation were not returned to the company.

"The fact that we, as the demonstrably aggrieved party, have not received the extorted funds back, even though they were confiscated, has caused our restructuring efforts to fail."
Wilhelm Einhaus comments on the legal fiasco.

Three suspected perpetrators are under investigation - it is unclear whether charges will be brought. A possible connection with the cyberattack on "IT Südwestfalen" has also not been confirmed. The judiciary remains silent, the company is bleeding.

Who actually protects the victims?

This case is more than just a business thriller - it's a wake-up call! While data protection, cyber defense and digital sovereignty are celebrated in political soapbox speeches, in reality a flagship company is going under because the state is not returning confiscated ransom money.

Why? Anyone who has ever been the victim of a cyberattack knows that bureaucracy works at a snail's pace, the perpetrators at a second's notice. The fact that even seized funds are not returned to the affected company is not a legal feat - it is a system failure.

In this case, the justice system did not defeat the hackers, but rather helped to bureaucratize the victim.
If we want to talk seriously about cyber security, then we have to stop leaving the victims alone - and start taking responsibility. Everything else is digital fairyland.