Cyber Incident Victim: Friedrich Vorwerk

Date: Nov 2022

Location: Germany

Summary

Friedrich Vorwerk, a critical infrastructure provider specializing in gas pipeline construction, experienced a ransomware attack compromising file and database servers along with workstations. The company's swift IT response prevented data exfiltration and significant damage, with no ransom paid; relevant authorities were notified. The incident caused a four-week IT infrastructure outage, rendering ERP systems and other critical components inoperable, which strained profitability and limited operational visibility. Essential systems were restored within weeks, mitigating prolonged disruptions.

Description

In mid-November 2022, Friedrich Vorwerk, a German construction company specializing in gas pipelines designated as critical infrastructure (Kritis), suffered a ransomware attack that disrupted its operations. The attack compromised all file and database servers along with an unspecified number of workstations, rendering these systems inoperable. The company's IT department responded rapidly, preventing data exfiltration and mitigating broader damage according to their internal assessment. Authorities including data protection agencies and law enforcement were notified, though the specific agencies involved were not disclosed. Attackers issued ransom demands, which the company explicitly refused to pay. Initial containment efforts focused on isolating affected systems to limit propagation across the network.

The incident caused a four-week operational disruption, during which Friedrich Vorwerk's ERP system and other critical infrastructure components remained unavailable. Restoration efforts prioritized core operational capabilities, with essential systems returning to productive use shortly before Christmas 2022. Financial repercussions emerged in subsequent quarterly reports, where the company cited reduced profitability and impaired operational visibility directly attributable to the cyberattack. While immediate construction projects—including pipeline work supporting Germany's LNG terminal development and energy security initiatives—were not explicitly reported as delayed, the IT outage necessitated alternative operational methods during the recovery period. No data breaches or compromised customer information were acknowledged, though the full forensic scope of the attack remained undisclosed. The incident highlighted operational vulnerabilities in Kritis supply chain entities without triggering insolvency risks, contrasting with other ransomware cases where financial pressures forced business closures.
