Ehrmann SE is a dairy headquartered in Germany. It has production facilitites in Russia and Brazil, as well as sales offices in Italy, Spain, the Czech Republic, Poland, Finland and China.
The multinational firm has reportedly been hit by hackers. All we really know so far, as reported yesterday by Jens Noll and Sabrina Karrer, is that the dairy was attacked last week. The dairy confirmed the attack to Augsburger Allgemeine, but did not provide any statement about the scope of the breach.
Thomas Schwarz and Sabrina Karrer subsequently had a small update to the report, noting that the police had informed them that the threat actors had demanded a “million dollar sum” (machine translation) but that Ehrmann had not paid and just contacted the police. (See Correction at bottom of story)
Most Russian threat actors avoid hacking Russian entities or CIS entities. Ehrmann has a Russian production faciity. Were the threat actors non-Russian, or were they Russian hackers who may have erred in their target selection?
DataBreaches.net has sent an email inquiry to Ehrmann asking if they can identify the threat actors and if their system was encrypted. This post will be updated if a reply is received.
*** Correction: In German, the sentence was “Wie die Polizei auf Nachfrage unserer Redaktion bestätigt, versuchten die Unbekannten, eine Millionensumme zu erpressen.” Google translated it as million dollar sum, but @z0man helpfully pointed out that it should be “millions.” Bing translator agrees with him, so the demanded ransom may have been millions of dollars and not (just) one million
Reporting by Chum1ng0. Editing and comment by Dissent.