You have 0 free articles left this month.
Register for a free account to access unlimited free content.
Powered by MOMENTUM MEDIA
lawyers weekly logo

Powered by MOMENTUMMEDIA

Breaking news and updates daily. Subscribe to our Newsletter
Advertisement

Now it’s personal! German beer giant Oettinger left flat following ransomware claims

Threat actors have claimed a ransomware attack on German beer drinks titan Oettinger Brauerei (Oettinger), claiming to have exfiltrated business data.

Now it’s personal! German beer giant Oettinger left flat following ransomware claims
expand image

Oettinger is one of the largest producers of beer and was formerly Germany’s best-selling beer brand between 2004 and 2013, outputting 6.21 million hectolitres of beer in 2011.

The company was listed on the dark web leak site of the RansomHouse ransomware group, which claimed to have encrypted the company’s data on 19 April 2025. However, the listing was posted on 5 May.

“Dear management of OeTTINGER Brauerei and Pia Kollmar. We are sure that you are not interested in your confidential data to be leaked or sold to a third party. We highly advise you to contact us,” the threat actor said,

Pia Kollmar is the company’s majority shareholder and managing director and is ranked among the top 100 most influential businesswomen in Germany.

Within the listing, RansomHouse posted a sample of company data, which, when translated from German, appears to contain data relating to logistics, fleet and fleet management, maintenance, warehouse management, exchange, shipping, quality assurance, project technology, production and more.

Cyber Daily has reached out to Oettinger Brauerei for comment on the incident.

RansomHouse is a ransomware-as-a-service (RaaS) operation that first appeared in 2021. The group claims to differentiate itself from other RaaS operations by not performing double extortion by only exfiltrating data, not encrypting. However, as previously stated, this was not the case with Oettinger.

The group typically operates by targeting victims using phishing and spear phishing emails but has also been observed using other third-party software to gain access to victim networks, according to SentinelOne.

An offshoot of RansomHouse appeared to launch when 8Base first made waves in 2023, using almost identical ransom notes and page text on the dark web leak site at the time.

“Given the similarity between the two, we were presented with the question of whether 8Base may be an offshoot of RansomHouse or a copycat,” researchers at VMware said in a blog post.

“Unfortunately, RansomHouse is known for using a wide variety of ransomware that is available on dark markets and doesn’t have its own signature ransomware as a basis for comparison.

“Interestingly, while researching 8Base, we weren’t able to find a single ransomware variant either. We stumbled across two very different ransom notes – one that matched RansomHouse’s and one that matched Phobos’.

“It begged the question if 8Base, similar to RansomHouse, operates by using different ransomware as well, and if so, is 8Base just an offshoot of RansomHouse?”

Daniel Croft

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.
You need to be a member to post comments. Become a member for free today!

newsletter
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.