German mobile phone insurance, repair, and logistics provider Einhaus Group has disclosed the severe financial toll of a crippling ransomware attack in 2023. At its peak, the company had a presence in more than 5,000 retail outlets across Germany, working with major telecom players such as Deutsche Telekom and 1&1, and generating annual revenues of up to €70 million.

In 2023, the notorious ransomware group “Royal” infiltrated the company’s systems, encrypting crucial data — including contracts, billing information, and internal communications — and bringing operations to a standstill. 

The attackers left chilling messages via office printers warning, “the company had been hacked”, and locked down critical infrastructure. The breach resulted in operational paralysis, millions in lost revenue, and total damages reaching the mid-seven-figure range. Reports indicate Einhaus paid a €200,000 ransom in Bitcoin to recover its data.

German cybercrime authorities have since identified three suspects. Although prosecutors seized the ransom-paid cryptocurrency, the funds were never returned, leaving Einhaus unable to achieve a full recovery.

The aftermath has been severe — staff numbers have plummeted from around 170 to just eight, while the company has sold off property and investments to offset losses. Three subsidiaries, including 24logistics, have filed for insolvency, and mobile phone repair operations have ceased entirely.

Einhaus Group now joins a growing list of high-profile businesses shuttered by ransomware incidents, including the UK’s Knights of Old transport firm, Stoli USA, and Finland’s Vastaamo. The case underscores the increasing frequency and financial devastation of cyberattacks, particularly ransomware, for businesses worldwide.