Cyber Incident Victim: Nah&Frisch Wieser Türnitz

On or around April 7, 2021, Georg Wieser’s Türnitzer Nah & Frisch market in Austria experienced a ransomware attack that disrupted normal operations. The attack began when all files on the business’s computer systems were suddenly encrypted, rendering them inaccessible. Following the encryption, the attackers delivered a blackmail message demanding payment, though the specific format and content of this message were not disclosed publicly. Market owner Georg Wieser confirmed the incident to local media outlet NÖN, stating the attack forced the temporary closure of the store starting Wednesday, April 7. A physical notice informing customers of the closure due to "cyberattacks and blackmail" was posted at the market premises in the days following the incident. Wieser emphasized his priority was communicating the operational disruption to customers rather than detailing the attackers’ demands. The business had no prior history of similar cybersecurity incidents according to the owner.

Wieser immediately reported the ransomware attack to unspecified authorities following its detection. The market’s IT systems team initiated efforts to restore operations, described as "rectification" work, though technical specifics about containment measures or decryption attempts were not disclosed. No information was provided regarding the duration of the closure, data theft claims by attackers, or whether systems were restored from backups. The incident caused direct operational impacts through forced closure and loss of computer system functionality. Public consequences included customer notifications via physical signage and media statements confirming the attack’s occurrence and business disruption. Wieser did not disclose whether ransom payments were made or negotiated, nor were any threat actor groups or ransomware variants identified in available reporting.