Cyber Incident Victim: Holz Ruser GmbH & Co. KG
Date:
Apr 2025
Location:
Germany
Summary
Holz Ruser GmbH & Co. KG experienced a cyberattack that deployed malware across its entire IT system at the Bornhöved site, leading to a halt in business operations. The full scope of the damage was only determined after the holiday period, when the extent of the disruption and data impact could be assessed. The attack forced the company to suspend normal activities while it worked to contain the threat and begin recovery efforts.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On April 17, 2025, Holz Ruser GmbH & Co. KG, based in Bornhöved, experienced a hacker attack that halted its business operations. The attack was disclosed by the company's owner and managing director, Henning Ruser. According to his statement, the malicious software was deployed across the entirety of the company's IT system at the site. The incident prompted an immediate disruption of normal business activities.
Because the attack occurred shortly before a period of public holidays, the complete scope of the damage could not be assessed until April 23, 2025. Henning Ruser noted that the holiday interval delayed the full evaluation of the impact on the IT infrastructure. During this interval, the malware remained present on the system, affecting all IT components. The company's response focused on determining the extent of the compromise once the holiday period ended.
By April 23, the full magnitude of the damage had been ascertained, confirming that the malware had permeated the entire IT environment. No further details regarding data loss, restoration efforts, or attacker identity were provided in the available source. The narrative concludes with the confirmation that the attack had halted operations and required a post‑holiday damage assessment.