Cyber Incident Victim: Storopack
Date:
Mar 2023
Location:
Germany
Summary
A ransomware attack compromised Storopack Hans Reichenecker GmbH through unauthorized access to administrative privileges, resulting in encrypted application servers and domain controllers. The attackers demanded ransom for decryption keys but did not follow up with additional threats. Subsequent internet claims suggested personal data from individuals in France, Switzerland, and Asia may have been exfiltrated. The incident disrupted email communications and limited telephone accessibility at the company’s German operations, potentially causing delivery delays. Affected employees, including a possible Maine resident among others, received notifications with offers of two years’ credit monitoring and identity theft protection services. The company activated emergency protocols, informed authorities, and worked to restore systems while maintaining customer updates via its unaffected website.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On March 15, 2023, Storopack Hans Reichenecker GmbH, the German parent company of packaging manufacturer Storopack, experienced an initial cybersecurity breach. The incident escalated six days later on March 21, when attackers deployed ransomware that encrypted critical IT infrastructure, including application servers and domain controllers. Attackers had acquired and misused administrative privileges to execute the encryption, simultaneously issuing a ransom demand for system decryption. Storopack GmbH immediately activated its IT emergency protocol upon discovery, implementing security measures and alerting German police and relevant authorities. Communication channels were severely disrupted, rendering corporate email inoperable and limiting telephone availability, though the company website remained operational for customer contact. Storopack’s U.S. subsidiary, Storopack Inc. of Cincinnati, Ohio, subsequently reported potential impacts to its operations due to the parent company’s compromised systems. The attack caused logistical disruptions, resulting in possible delivery delays as teams worked to maintain supply chain continuity.
The full scope of data compromise emerged months later, with Storopack learning on June 12, 2023, that attackers potentially exfiltrated personal information of individuals in France, Switzerland, and Asia during the incident. While no definitive evidence confirmed data theft affecting Maine residents, the company acknowledged a theoretical exposure of one resident among up to 1,304 potentially impacted individuals globally. Storopack GmbH began notifying employees about the breach on April 20, 2023, followed by a supplemental notice on June 29 offering 24 months of credit monitoring and identity theft protection through Equifax. No further communication or demands from the attackers occurred after the initial ransom request. The restoration of systems proceeded without public disclosure of technical remediation steps, though Storopack emphasized ongoing efforts to fully recover operational capacity while minimizing client disruptions through alternate communication methods.