Cyber Incident Victim: Röhrnbach
Date: Jan 2023
Location: Germany
Summary
A local company in Röhrnbach experienced a ransomware attack that encrypted its operational data, rendering it inaccessible. The incident was reported to authorities, prompting deployment of a specialized Quick-Reaction Team from Passau's Criminal Investigation Department to secure digital evidence and initiate forensic analysis. Although attackers established darknet communication channels, no ransom demand was made to the victim organization, which successfully restored operations using unaffected backup systems. Police emphasized the critical role of preventive measures, particularly isolated data backups, in mitigating such attacks. The response leveraged Bavaria's dedicated cybercrime units established to address evolving digital threats against businesses.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On January 13, 2023, a local company in Röhrnbach, Passau district, Bavaria, experienced a ransomware attack that encrypted its operational data, rendering it inaccessible. The attackers deployed malicious software to compromise the firm’s systems but did not issue a direct ransom demand to the company. Upon discovering the encryption, the business reported the incident to the Freyung Police Station, initiating a law enforcement response. The Passau Criminal Police’s Quick-Reaction Team, a specialized unit established in July 2021 across all Bavarian police presidencies to combat cybercrime, assumed control of the investigation. This team dispatched an IT investigator and a digital forensics specialist to the company’s premises to secure digital evidence, including traces left by the perpetrators, and to initiate immediate investigative steps.

The attackers communicated exclusively through a darknet-based contact method, but the company declined to engage, having maintained sufficient isolated backups and documentation to restore its operations independently without paying a ransom. The incident did not impair the business's ability to recover its systems, because its backup strategy preserved data integrity by physically separating backups from active networks. Police emphasized the importance of preventive measures such as regular IT security updates, professional oversight of defenses, and robust backup protocols to mitigate operational and existential risks from similar attacks. No data theft, financial losses beyond the initial disruption, or secondary impacts were reported in the available information. The company resumed normal operations using its secured backups, and the investigation focused on forensic analysis of the attackers' digital traces; no technical specifics regarding the ransomware variant or initial attack vector were publicly disclosed.
