Oettinger Brewery gets hit by ransomware attack
German brewery Oettinger has become the target of a cyber attack in a move that has allegedly put confidential documents at stake. The post Oettinger Brewery gets hit by ransomware attack appeared first on The Drinks Business.
German brewery Oettinger has become the target of a cyber attack in a move that has allegedly put confidential documents at stake.
According to Cybernews analysis, the ransomware crew calling itself Ransom House has claimed it has hit Oettinger which sees its Bavarian beers exported to many markets. The gang has also alleged that it is now in possession of highly sensitive data. In a post seen on its dark web extortion site, the gang has dropped the following message:
“Dear management of Oettinger Brauerei and Pia Kollmar. We are sure that you are not interested in your confidential data to be leaked or sold to a third party. We highly advise you to contact us.”
Ransomware experts have highlighted how sharing a warning on a gang’s website is a common technique used by cybercriminals to coerce organisations into paying a ransom. The attackers’ post went live on 5 May, but the gang has reportedly indicated that it has been in possession of encrypted data from the brewery since 19 April.
If confirmed, the attack could become a reason for major concern since, according to samples reviewed by Cybernews, the stash of documents that the team has acquired includes internal documents dating from 2022 to 2025.
Speaking about the situation, Cybernews researchers stated: “The leaked internal documents could expose trade secrets, supplier contracts, employee data, and financial records, handing cybercriminals the perfect playbook for future attacks.”
The researchers added: “While the financial damage from breach response and potential ransom payments could run into the millions,”
Oettingen Beverages is one of the largest drinks manufacturers in Germany and one of the top 25 breweries globally. The business is headquartered in Oettingen in Bayern and the company reportedly boasts an annual revenue of over US$420 million and has approximately 800 employees spread across sites in Oettingen, Mönchengladbach, and Braunschweig. Germany, which has been historically revered for its brewing prowess, is currently also seeing its beer reputation wane and does not need any further challenges.
Despite this, the cyber crooks going by the name of Ransom House are not new to the Ramsomware scene and, according to Cybernews’ dark web tracker, the collective was first seen back in December 2021.
According to the tracker, the same gang has already listed 122 other victims upon a leak site and has previously spread chaos in Spain when it targeted the Hospital Clinic de Barcelona, forcing staff to cancel thousands of appointments.
Speaking to db about the ordeal, a spokesperson for Oettinger revealed: "We are currently investigating the cyberattack on Oettinger Getranke in conjunction with IT forensic experts, the data protection authority and cybercrime specialists. We are also conducting an investigation into the potential for data leaks. For forensical reasons, we are unable to provide any further details at this moment. Production and logistics have not been affected by the cyberattack.“
According to Cybernews analysis, the ransomware crew calling itself Ransom House has claimed it has hit Oettinger which sees its Bavarian beers exported to many markets. The gang has also alleged that it is now in possession of highly sensitive data. In a post seen on its dark web extortion site, the gang has dropped the following message:
“Dear management of Oettinger Brauerei and Pia Kollmar. We are sure that you are not interested in your confidential data to be leaked or sold to a third party. We highly advise you to contact us.”
Ransomware experts have highlighted how sharing a warning on a gang’s website is a common technique used by cybercriminals to coerce organisations into paying a ransom. The attackers’ post went live on 5 May, but the gang has reportedly indicated that it has been in possession of encrypted data from the brewery since 19 April.
If confirmed, the attack could become a reason for major concern since, according to samples reviewed by Cybernews, the stash of documents that the team has acquired includes internal documents dating from 2022 to 2025.
Speaking about the situation, Cybernews researchers stated: “The leaked internal documents could expose trade secrets, supplier contracts, employee data, and financial records, handing cybercriminals the perfect playbook for future attacks.”
The researchers added: “While the financial damage from breach response and potential ransom payments could run into the millions,”
Oettingen Beverages is one of the largest drinks manufacturers in Germany and one of the top 25 breweries globally. The business is headquartered in Oettingen in Bayern and the company reportedly boasts an annual revenue of over US$420 million and has approximately 800 employees spread across sites in Oettingen, Mönchengladbach, and Braunschweig. Germany, which has been historically revered for its brewing prowess, is currently also seeing its beer reputation wane and does not need any further challenges.
Despite this, the cyber crooks going by the name of Ransom House are not new to the Ramsomware scene and, according to Cybernews’ dark web tracker, the collective was first seen back in December 2021.
According to the tracker, the same gang has already listed 122 other victims upon a leak site and has previously spread chaos in Spain when it targeted the Hospital Clinic de Barcelona, forcing staff to cancel thousands of appointments.
Speaking to db about the ordeal, a spokesperson for Oettinger revealed: "We are currently investigating the cyberattack on Oettinger Getranke in conjunction with IT forensic experts, the data protection authority and cybercrime specialists. We are also conducting an investigation into the potential for data leaks. For forensical reasons, we are unable to provide any further details at this moment. Production and logistics have not been affected by the cyberattack.“ 
