Cyber Incident Victim: Bizerba SE & Co. KG
Date:
Jun 2022
Location:
Germany
Summary
A global manufacturer experienced a ransomware attack utilizing Lockbit, leading to the immediate security shutdown of all worldwide IT systems. The company collaborated with cybersecurity experts and law enforcement, denying any ransom payment. Core business functions were restored within weeks, followed by a comprehensive rebuild of the IT infrastructure over subsequent months to implement enhanced security protocols. This restructuring resulted in improved product security, more resilient remote services, and the ability to provide guidance to customers facing similar incidents. Despite initial operational disruptions, the organization reported strengthened internal cohesion and projected revenue exceeding pre-attack records.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 0 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On June 27, 2022, Bizerba SE & Co. KG experienced a cyberattack targeting its global IT systems using Lockbit ransomware, a Ransomware-as-a-Service (RaaS) variant operated in the darknet. The attack occurred overnight, prompting the company to immediately implement security protocols that involved shutting down all global systems to contain the threat. Bizerba engaged external IT security and forensic experts to analyze the breach and initiate recovery efforts. The company collaborated closely with law enforcement agencies, including the Esslingen police department, throughout the investigation. CEO Andreas W. Kraut publicly confirmed no ransom payments were made to the attackers, emphasizing the company's refusal to negotiate with cybercriminals. Initial forensic examinations confirmed the integrity of Bizerba's hardware and software products, allowing the resumption of product deliveries and installations shortly after the incident. Within approximately six weeks, all essential business functions were restored globally, though full operational normalization required several additional months to reactivate remaining systems and applications.
The incident accelerated Bizerba's strategic overhaul of its IT infrastructure under a "build back better" philosophy, abandoning simple restoration in favor of constructing an entirely new security-focused architecture. This rebuild incorporated enhanced processes, structures, and systems designed to exceed pre-attack security levels, with Dr. Christian Hürter, Director of Global IT, noting the compressed timeline achieved what would typically require years under normal circumstances. The restructured environment underwent rigorous customer testing, validating its improved security posture. Michael Berke, Vice President for Global Sales & Marketing, reported strengthened customer trust through transparent communication about security enhancements, including more secure remote services and expanded support for clients facing cyber threats. Despite concurrent challenges like supply chain disruptions and economic headwinds, CEO Kraut highlighted improved global employee cohesion and projected 2023 revenues surpassing 2021 records. Chief Information Security Officer Jochen Müller acknowledged persistent cyber risks but affirmed Bizerba had achieved optimal security preparedness through continuous improvements, comparing the organization's posture to hurricane-resistant infrastructure designed to minimize future damage.