DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

De: Darkside threat actors attempted to extort Möbelstadt Sommerlad

Posted on May 15, 2021 by chum1ng0
Malfunction Notice -- German
IMAGE: DATABREACHES.NET
Sommerlad Notice - English
IMAGE: DATABREACHES.NET

Möbelstadt Sommerlad is a retail furniture store in Germany. This week, its managing director, Frank Sommerlad, disclosed that they had been the victim of a ransomware attack and extortion attempt. Marc Schäfer reports Sommerlad’s statement (machine translation):

“We got away with it with a black eye,” says Frank Sommerlad, managing director of the R. Sommerlad GmbH & Co. KG furniture store. “We will have to replace up to 400 hard drives on our computers, but we can open again on Friday in the Schiffenberger Tal.”

On the night of April 30th, the furniture store was attacked by professional hackers with a so-called ransomware attack. Despite the existing protection of the IT, all of the company’s servers were encrypted and backups deleted, the Möbelstadt writes in an email to its customers.

As of yesterday’s report, the firm did not yet know whether data has been leaked, but they encouraged their customers to change any passwords.

According to the rest of their statement, it was DarkSide threat actors who were responsible for the attack and ransom demand.

Read more on giessener-allgemeine.de.

Because DarkSide’s leak site has been down since shortly after their attack on Colonial Pipeline, it is not possible to check whether Sommerlad had even been listed on their leak site, but there is a strong likelihood that it was never listed if the attack was on April 30. Unlike some other threat actors, DarkSide generally gave their pressure techniques and attempts at negotiation more time before listing targets on their site — and even then, they were very slow/reluctant to start dumping data.

But that doesn’t mean that they didn’t exfiltrate a lot of data that may still be in criminals’ hands. While some of their servers were reportedly taken down by hosts, DataBreaches.net learned today at at least one server was still live with victim data on it.  Whether Sommerlad was one of the victims whose data is on that server is unknown to DataBreaches.net.  But in their notice to affiliates, DarkSide told the affiliates that they were providing them with the decryption keys for the victims who had not yet paid, and that the affiliates were then free to do what they wanted — meaning that they could contact the victims directly and continue to try to extort them?

As of today, a notice on the furniture store’s web site asks customers for their understanding.

Reporting by Chum1ng0 and Dissent.


Related:

  • PowerSchool commits to strengthened breach measures following engagement with the Privacy Commissioner of Canada
  • Hungarian police arrest suspect in cyberattacks on independent media
  • Two more entities have folded after ransomware attacks
  • British institutions to be banned from paying ransoms to Russian hackers
  • Data breach feared after cyberattack on AMEOS hospitals in Germany
  • Microsoft Releases Urgent Patch for SharePoint RCE Flaw Exploited in Ongoing Cyber Attacks
Category: Breach IncidentsBusiness SectorMalwareNon-U.S.

Post navigation

← Ca: Toronto plastic surgeon’s licence suspended over social media posts, surveillance of patients without consent
NY: Student names, vendor bank account info exposed in Buffalo Public Schools cyber attack →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • PowerSchool commits to strengthened breach measures following engagement with the Privacy Commissioner of Canada
  • Hungarian police arrest suspect in cyberattacks on independent media
  • Two more entities have folded after ransomware attacks
  • British institutions to be banned from paying ransoms to Russian hackers
  • Data breach feared after cyberattack on AMEOS hospitals in Germany
  • Microsoft Releases Urgent Patch for SharePoint RCE Flaw Exploited in Ongoing Cyber Attacks
  • Global hack on Microsoft product hits U.S., state agencies, researchers say
  • Inquiry launched after identities of SAS soldiers leaked in fresh data breach
  • UK sanctions Russian cyber spies accused of facilitating murders
  • Michigan ‘ATM jackpotting’: Florida men allegedly forced machines to dispense $107K

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • British government reportedlu set to back down on secret iCloud backdoor after US pressure
  • Idaho agrees not to prosecute doctors for out-of-state abortion referrals
  • As companies race to add AI, terms of service changes are going to freak a lot of people out. Think twice before granting consent!
  • Uganda orders Google to register as a data-controller within 30 days after landmark privacy ruling
  • Meta investors, Zuckerberg reach settlement to end $8 billion trial over Facebook privacy violations
  • ICE is gaining access to trove of Medicaid records, adding new peril for immigrants
  • Microsoft can’t protect French data from US government access

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.