Oettinger Brewery Allegedly Targeted in Ransomware Attack by Ransom House
German brewery Oettinger Brauerei, one of the largest beverage manufacturers in the country, has allegedly become the latest target of the ransomware group Ransom House. The attackers claim to possess a large volume of sensitive internal data and are threatening to publish it unless their demands are met.
The ransomware gang published a message on its dark web extortion site on May 5, demanding that the brewery’s management contact them directly. According to the post, the cybercriminals have been holding encrypted data since April 19.
“Dear management of OeTTINGER Brauerei and Pia Kollmar. We are sure that you are not interested in your confidential data to be leaked or sold to a third party. We highly advise you to contact us,”
— Message posted by Ransom House
Screenshot by Cybernews.
This kind of public pressure tactic is commonly used by ransomware groups to force victims into negotiations.
Attack May Involve Three Years of Internal Documents
Cybernews, which reviewed sample files allegedly stolen from the company, reports that the leaked data spans 2022 to 2025. If verified, the breach could expose:
- Trade secrets
- Supplier agreements
- Employee information
- Financial records
“The leaked internal documents could expose trade secrets, supplier contracts, employee data, and financial records, handing cybercriminals the perfect playbook for future attacks,”
— Cybernews researchers
The financial cost of the incident could be significant, factoring in potential ransom payments, recovery efforts, and regulatory fines.
Oettinger Silent as Pressure Mounts
Cybernews reported that Oettinger has not yet responded to inquiries about the alleged breach. The company, headquartered in Oettingen in Bayern, operates facilities in Mönchengladbach and Braunschweig, and generates over $420 million in annual revenue. It employs roughly 800 people and ranks among the top 25 breweries globally.
Ransom House: A Persistent Cyber Threat
Ransom House has been active since December 2021, and has claimed at least 122 victims on its leak site, according to Cybernews’ Ransomlooker tracker.
The group previously made headlines for its attack on Hospital Clinic de Barcelona, which disrupted medical services and led to the cancellation of thousands of appointments.
As of now, no confirmation has been provided by Oettinger regarding the breach, and no law enforcement involvement has been publicly disclosed.
The Oettinger ransomware attack, if confirmed, adds to the growing list of cyber threats targeting manufacturing and food and beverage sectors, underlining continued vulnerabilities across industrial networks.
