DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

De: Darkside threat actors attempted to extort Möbelstadt Sommerlad

Posted on May 15, 2021 by chum1ng0
Malfunction Notice -- German
IMAGE: DATABREACHES.NET
Sommerlad Notice - English
IMAGE: DATABREACHES.NET

Möbelstadt Sommerlad is a retail furniture store in Germany. This week, its managing director, Frank Sommerlad, disclosed that they had been the victim of a ransomware attack and extortion attempt. Marc Schäfer reports Sommerlad’s statement (machine translation):

“We got away with it with a black eye,” says Frank Sommerlad, managing director of the R. Sommerlad GmbH & Co. KG furniture store. “We will have to replace up to 400 hard drives on our computers, but we can open again on Friday in the Schiffenberger Tal.”

On the night of April 30th, the furniture store was attacked by professional hackers with a so-called ransomware attack. Despite the existing protection of the IT, all of the company’s servers were encrypted and backups deleted, the Möbelstadt writes in an email to its customers.

As of yesterday’s report, the firm did not yet know whether data has been leaked, but they encouraged their customers to change any passwords.

According to the rest of their statement, it was DarkSide threat actors who were responsible for the attack and ransom demand.

Read more on giessener-allgemeine.de.

Because DarkSide’s leak site has been down since shortly after their attack on Colonial Pipeline, it is not possible to check whether Sommerlad had even been listed on their leak site, but there is a strong likelihood that it was never listed if the attack was on April 30. Unlike some other threat actors, DarkSide generally gave their pressure techniques and attempts at negotiation more time before listing targets on their site — and even then, they were very slow/reluctant to start dumping data.

But that doesn’t mean that they didn’t exfiltrate a lot of data that may still be in criminals’ hands. While some of their servers were reportedly taken down by hosts, DataBreaches.net learned today at at least one server was still live with victim data on it.  Whether Sommerlad was one of the victims whose data is on that server is unknown to DataBreaches.net.  But in their notice to affiliates, DarkSide told the affiliates that they were providing them with the decryption keys for the victims who had not yet paid, and that the affiliates were then free to do what they wanted — meaning that they could contact the victims directly and continue to try to extort them?

As of today, a notice on the furniture store’s web site asks customers for their understanding.

Reporting by Chum1ng0 and Dissent.

No related posts.

Category: Breach IncidentsBusiness SectorMalwareNon-U.S.

Post navigation

← Ca: Toronto plastic surgeon’s licence suspended over social media posts, surveillance of patients without consent
NY: Student names, vendor bank account info exposed in Buffalo Public Schools cyber attack →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • India’s Max Financial says hacker accessed customer data from its insurance unit
  • Brazil’s central bank service provider hacked, $140M stolen
  • Iranian and Pro-Regime Cyberattacks Against Americans (2011-Present)
  • Nigerian National Pleads Guilty to International Fraud Scheme that Defrauded Elderly U.S. Victims
  • Nova Scotia Power Data Breach Exposed Information of 280,000 Customers
  • No need to hack when it’s leaking: Brandt Kettwick Defense edition
  • SK Telecom to be fined for late data breach report, ordered to waive cancellation fees, criminal investigation into them launched
  • Louis Vuitton Korea suffers cyberattack as customer data leaked
  • Hunters International to provide free decryptors for all victims as they shut down (2)
  • SEC and SolarWinds Seek Settlement in Securities Fraud Case

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • German court awards Facebook user €5,000 for data protection violations
  • Record-Breaking $1.55M CCPA Settlement Against Health Information Website Publisher
  • Ninth Circuit Reviews Website Tracking Class Actions and the Reach of California’s Privacy Law
  • US healthcare offshoring: Navigating patient data privacy laws and regulations
  • Data breach reveals Catwatchful ‘stalkerware’ is spying on thousands of phones
  • Google Trackers: What You Can Actually Escape And What You Can’t
  • Oregon Amends Its Comprehensive Privacy Statute

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.