Cyber Incident Victim: Otto Dörner
Date: Feb 2022
Location: Germany
Summary
A waste management company operating in Mecklenburg-Vorpommern experienced a significant ransomware attack in which hackers encrypted its systems and demanded payment for restoration. The incident disrupted operations at multiple facilities, prompting engagement with law enforcement authorities. The State Criminal Police Office initiated an investigation and reportedly identified actionable leads regarding the perpetrators. While recovery efforts were underway, the organization faced prolonged IT outages affecting service delivery. No explicit confirmation of data exfiltration was provided in initial reports, though the attackers' ransom demand indicated potential leverage beyond system encryption.
Description
On or around February 1, 2022, Otto Dörner, a waste disposal company operating multiple facilities in Mecklenburg-Vorpommern (MV), Germany, experienced a significant cyberattack. Hackers infiltrated the company's systems, disrupting operations and demanding a ransom payment to restore access or prevent further damage. The attack caused widespread technical disruptions across the company's infrastructure, though specific compromised systems or data types were not publicly disclosed. Otto Dörner engaged with law enforcement immediately after detecting the breach, initiating an investigation into the incident's scope and origin. The State Criminal Police Office (LKA) assumed primary investigative responsibility, examining digital evidence to trace the attackers' methods and infrastructure.

The company faced operational challenges stemming from the attack's aftermath, though the exact duration and severity of service interruptions remained unspecified in available reports. Law enforcement officials confirmed identifying at least one actionable lead regarding the perpetrators during their initial forensic examination. No public statements from Otto Dörner detailed whether ransom negotiations occurred or whether data exfiltration accompanied the network intrusion. Recovery efforts proceeded alongside the criminal investigation, with no subsequent disclosures about system restoration timelines or financial losses incurred. The LKA maintained an active case without releasing additional suspect details or attribution claims at the time of reporting.
