Share this article on:
Powered by MOMENTUMMEDIA
Breaking news and updates daily.
Threat actors have claimed a ransomware attack on German beer drinks titan Oettinger Brauerei (Oettinger), claiming to have exfiltrated business data.
Oettinger is one of the largest producers of beer and was formerly Germany’s best-selling beer brand between 2004 and 2013, outputting 6.21 million hectolitres of beer in 2011.
The company was listed on the dark web leak site of the RansomHouse ransomware group, which claimed to have encrypted the company’s data on 19 April 2025. However, the listing was posted on 5 May.
“Dear management of OeTTINGER Brauerei and Pia Kollmar. We are sure that you are not interested in your confidential data to be leaked or sold to a third party. We highly advise you to contact us,” the threat actor said,
Pia Kollmar is the company’s majority shareholder and managing director and is ranked among the top 100 most influential businesswomen in Germany.
Within the listing, RansomHouse posted a sample of company data, which, when translated from German, appears to contain data relating to logistics, fleet and fleet management, maintenance, warehouse management, exchange, shipping, quality assurance, project technology, production and more.
Cyber Daily has reached out to Oettinger Brauerei for comment on the incident.
RansomHouse is a ransomware-as-a-service (RaaS) operation that first appeared in 2021. The group claims to differentiate itself from other RaaS operations by not performing double extortion by only exfiltrating data, not encrypting. However, as previously stated, this was not the case with Oettinger.
The group typically operates by targeting victims using phishing and spear phishing emails but has also been observed using other third-party software to gain access to victim networks, according to SentinelOne.
An offshoot of RansomHouse appeared to launch when 8Base first made waves in 2023, using almost identical ransom notes and page text on the dark web leak site at the time.
“Given the similarity between the two, we were presented with the question of whether 8Base may be an offshoot of RansomHouse or a copycat,” researchers at VMware said in a blog post.
“Unfortunately, RansomHouse is known for using a wide variety of ransomware that is available on dark markets and doesn’t have its own signature ransomware as a basis for comparison.
“Interestingly, while researching 8Base, we weren’t able to find a single ransomware variant either. We stumbled across two very different ransom notes – one that matched RansomHouse’s and one that matched Phobos’.
“It begged the question if 8Base, similar to RansomHouse, operates by using different ransomware as well, and if so, is 8Base just an offshoot of RansomHouse?”
Be the first to hear the latest developments in the cyber industry.