The Ransomware That Never Ends: Einhaus Group Collapses After Paying Royal’s $230K Ransom
The prominent German firm Einhaus Group, renowned for its specialization in mobile device insurance and servicing, has formally announced the commencement of bankruptcy proceedings. The downfall was precipitated by a cyberattack in March 2023, the ramifications of which the company was ultimately unable to overcome.
One morning in mid-March of last year, company founder Wilhelm Einhaus arrived at the office to a chilling scene. Each printer bore a sheet of paper with the ominous message: “We’ve hacked you. Further information can be found on the dark web.” It was later revealed that the breach had been orchestrated by a hacker collective known as Royal. The attackers encrypted the company’s entire digital infrastructure, rendering operations impossible.
The perpetrators demanded a ransom of approximately $230,000 in Bitcoin to restore access to the data. The leadership of Einhaus Group faced a harrowing dilemma. Cybersecurity experts strongly advise against paying ransoms, as doing so incentivizes criminal activity. Yet without functioning systems, the company was hemorrhaging revenue by the day.
Ultimately, the firm opted to pay the ransom, reasoning that the costs incurred from prolonged inactivity far exceeded the demanded sum. By Einhaus’s own estimates, the total damage amounted to a mid-seven-figure sum—several million euros.
Einhaus Group was far from a minor player. It maintained partnerships with industry giants such as Cyberport, 1&1, and Deutsche Telekom. Prior to the attack, the company employed 170 individuals. Yet recovery from the cyber incident proved an insurmountable challenge.
Drastic austerity measures followed. The workforce was slashed from over a hundred to merely eight employees. The remaining staff were forced to handle customer requests and manage documentation manually—an almost unimaginable feat.
By mid-2024, the company sold its headquarters and liquidated various assets in a desperate effort to stay afloat. A flicker of hope emerged when German law enforcement arrested three suspected hackers and seized cryptocurrency valued in the high six-figure euro range.
However, this development brought no relief to the beleaguered firm. Prosecutors refused to release the confiscated funds until the investigation concluded, despite Einhaus Group’s urgent legal efforts to reclaim its losses. Moreover, the company was not alone—other victims of the same hacker group remain entangled in similar limbo.
As a result, three companies affiliated with Einhaus Group have officially filed for bankruptcy. Liquidation typically follows, though it is not an inevitability. Seventy-two-year-old Wilhelm Einhaus declared that he has no intention of retiring, even in the face of the worst-case scenario. In his words, he is ready to “start anew.”
The story of Einhaus Group is far from isolated. Just last week, news broke of the collapse of the British logistics company Knights of Old, which had endured for 158 years but succumbed to a ransomware attack. A breach by the Akira cybercrime group forced the company to cease operations, leaving 700 employees without work.
These incidents starkly illustrate the devastating potential of modern cyberattacks. Even when a company capitulates to ransom demands, recovery is far from assured—and financial ruin remains a haunting possibility.
