Cyber Threat Actor: Metaencrypter
| Actor Type | Location | Known Incidents |
Criminal
|
—
|
2 incidents |
|---|
Profile
Metaencrypter is a threat actor identified through ransomware operations targeting the publishing sector in Germany. The group's sole publicly referenced alias corresponds to its self-identified moniker used during attacks. Its activities surfaced in July 2023 through a disruptive incident against Münchner Verlagsgruppe, Germany's largest non-fiction publisher. The attack demonstrated financially motivated objectives centered on extortion through data encryption and theft, though potential secondary misuse of stolen information for fraud remains a concern based on victim disclosures.
The actor's confirmed targeting focuses on publishers within Germany, specifically compromising sensitive author data including bank details, tax identification numbers, contracts, and physical addresses. Operational patterns involve deploying ransomware to encrypt and delete victim data while exfiltrating information for dual extortion leverage. The group issued ransom demands, though payment refusals led to permanent data loss requiring full infrastructure replacement. Forensic investigations by authorities examined computer sabotage, data manipulation, and extortion attempts, but technical specifics regarding malware variants, initial access vectors, or tooling remain undisclosed in public reporting. No attributive links to state actors or criminal consortiums have been established. The Munich publishing attack represents Metaencrypter's only publicly documented operation, causing unquantified financial damage and operational paralysis through irreversible data destruction affecting approximately 5,000 individuals. Stolen data exposure risks persist absent confirmed deletion or law enforcement recovery.
