Cyber Incident Victim: Röhr + Stolberg GmbH
Date:
Oct 2023
Location:
Germany
Summary
A ransomware attack disrupted Röhr + Stolberg GmbH's operations, forcing systems offline. The company restored most functionality, including production, within a week by bringing servers back online while maintaining internet isolation as a precaution. Communication with external parties was rerouted through secure devices outside the compromised environment, with alternative contact methods provided. Potential unauthorized data access remains unconfirmed, though authorities including police and data protection agencies were notified. The organization reiterated that its banking details remained unchanged, warning recipients to disregard any contradictory fraudulent communications and to report such instances. Operational recovery efforts continued with promises of further updates.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On October 23, 2023, Röhr + Stolberg GmbH experienced a ransomware attack that disrupted its operations. The company’s IT team, supported by external specialists, worked to restore systems within one week, enabling the majority of business functions—including production—to resume. As a containment measure, all internal systems remained disconnected from the internet indefinitely to prevent further compromise. Communication with customers, suppliers, and service providers was rerouted through secure computers isolated from potentially affected infrastructure to maintain operational continuity. Standard points of contact remained available via email and phone, with a dedicated backup number (+49 157 7769 6728) provided for unexpected communication disruptions. The company explicitly confirmed no changes to its banking details, warning stakeholders to disregard any contrary instructions and to report such attempts immediately.
Despite restoration efforts, Röhr + Stolberg acknowledged the possibility that unauthorized third parties accessed sensitive data during the incident. The breach prompted formal notifications to law enforcement and data protection authorities, though the scope of compromised data remained unconfirmed at the time of the update. No ransomware group or specific attack vector was disclosed. Business operations resumed with residual reliance on isolated systems, reflecting ongoing security precautions. The company committed to providing further updates as new information emerged, emphasizing transparency while limiting public details to verified facts. No operational deadlines or full recovery timelines were specified beyond the initial server restoration.