Struggling phone repair and insurance company succumbs to costly ransomware attack, leaving over 100 workers jobless and retaining only a skeleton crew of eight
In mid-March 2023, the Einhaus Group, a mobile device insurance and service network, suffered a crippling cyberattack at the hands of the hacker group 'Royal'. The attack encrypted all of Einhaus's systems, essential for the day-to-day running of the business, and demanded a ransom payment, estimated to be around $230,000 in Bitcoins.
Despite paying the ransom, Einhaus was unable to recover from the outage and the economic fallout. The long-term impacts were severe. The company's essential systems remained encrypted, leading to a halt in operations. Business damages were estimated in the mid-seven-figure range, exceeding the ransom amount.
The attack also led to a loss of customer trust and disruption of partnerships with major firms. The financial strain was so severe that Einhaus ultimately filed for insolvency and underwent significant employee layoffs, reducing its workforce from 170 to eight employees.
The public prosecutor's office in Germany has seized "crypto assets in the high six-figure euro range" from the investigation, but the ransom payment is still being held by them. The next stage for the insolvent companies is likely liquidation, but it is not yet inevitable.
The Einhaus Group's case underscores the importance of proactive cybersecurity measures and incident response planning. To mitigate risks after a ransomware attack and reduce long-term damage, businesses can adopt several strategies.
First, regular independent cyber-audits to ensure robust security controls and minimum cybersecurity standards across the enterprise. This includes enforcing strong password policies and multi-factor authentication.
Second, developing and regularly updating comprehensive response and recovery plans to minimize downtime in case of an attack. Involving law enforcement promptly and coordinating with cybersecurity experts can reduce chaos after an incident.
Third, maintaining frequent, secure, and tested backups that are isolated to prevent encryption by ransomware, allowing restoration of critical systems without paying ransom.
Fourth, following emerging rules around ransomware reporting to government agencies and possibly prohibitions on ransom payments for public bodies can help contain criminal operations.
Fifth, having cyber insurance tailored for ransomware risk and preparing financial buffers can alleviate business strain after an attack.
Sixth, consistent cybersecurity training to reduce risk from phishing and social engineering, which are common ransomware entry methods.
The Einhaus Group's founder, Wilhelm Einhaus (72), has stated that he will not retire if the worst happens and will instead "start afresh." Other ransomware victims are also waiting for refunds, according to news sources.
Recently, another victim of a ransomware attack, a 158-year-old UK-based transportation company, Knights of Old (KNP), collapsed due to a ransomware attack named 'Akira'. The attack resulted in 700 people losing their jobs.
These incidents highlight the need for governments and businesses to enhance cybersecurity standards rigorously and foster readiness, as large ransoms and increasing attack sophistication continue to threaten companies worldwide.
- The financial fallout of the cyberattack on Einhaus Group led to significant employee layoffs, reducing the workforce from 170 to eight employees.
- In the aftermath of the attack, Knights of Old, a 158-year-old UK-based transportation company, collapsed due to a ransomware attack named 'Akira', resulting in 700 people losing their jobs.
- To prevent similar incidents and reduce long-term damage, businesses can adopt various strategies such as regular independent cyber-audits, comprehensive response and recovery plans, maintaining frequent backups, ransomware-specific cyber insurance, and consistent cybersecurity training.
