Cyber Incident Victim: Miltenyi Biotec
Date: Nov 2020
Location: Germany
Summary
Miltenyi Biotec, a biomedical research firm involved in COVID-19 vaccine development, experienced a ransomware attack disrupting global IT infrastructure, causing operational delays and impairing order processing. The Mount Locker ransomware gang claimed responsibility, exfiltrating approximately 150 GB of data and leaking a portion as proof. While the company restored most systems and assured no malware spread to external partners, residual email and telephone disruptions persisted in some regions. Customer communications were temporarily rerouted via alternative channels, with partial data leaks confirmed through ransomware operators' publications. Restoration efforts mitigated primary impacts, though recovery challenges remained for certain internal functions.
Description
In late October 2020, Miltenyi Biotec experienced a malware attack that disrupted its global IT infrastructure, impacting operations across its 28-country network supporting 2,500 employees. The biomedical firm, which provides SARS-CoV-2 antigens and cell therapy products for COVID-19 research, acknowledged isolated impairments in order processing systems during the two-week incident period. Company statements confirmed immediate containment measures were implemented to recover affected systems, with full restoration of operational processes achieved by mid-November 2020. However, residual disruptions persisted in email and telephone systems in some regional offices during the recovery phase. Miltenyi Biotec explicitly stated no evidence suggested malware distribution to customers or partners through its supply chain. Customers were notified of potential order delays stemming from temporary system outages and provided alternative contact channels for urgent requests.

The Mount Locker ransomware gang publicly claimed responsibility for the attack on November 4, 2020, publishing approximately 1 GB of stolen data (5% of their claimed 150 GB exfiltration) on their leak site. This data dump occurred while Miltenyi Biotec was actively restoring systems, though the company did not acknowledge the ransomware group’s involvement in public communications. Forensic evidence indicated the attackers deployed payloads that encrypt with ChaCha20 and RSA-2048, rendering data recovery impossible without the threat actors’ decryption tools. Mount Locker’s ransom notes, previously analyzed by cybersecurity researchers, revealed multi-million-dollar demands in comparable attacks. Miltenyi Biotec maintained operational continuity for critical COVID-19 research support throughout the incident, prioritizing system restoration and customer communication over public disclosure of technical details regarding the encryption or data theft. The company issued formal apologies for service disruptions while directing affected clients to region-specific contingency contact protocols.
