Cyber-attack against Marabu


© Marabu

During the night from 28 November to 29 November 2019, Marabu was the victim of a targeted cyber-attack. The company’s defined security routines subsequently caused all systems, including those of subsidiaries, to be shut down worldwide. As a result, the organisation was essentially cut off from the outside world for six days, as not only email and the Internet but also telephones and faxes were unable to operate without network connectivity.

"Although our well-prepared emergency plans and security systems worked effectively, there was no preventing some of the data on our servers from being encrypted and therefore initially unusable for us,” explains Stefan Würtemberger, Marabu CIO. 

The German Federal Criminal Investigation Agency (Bundeskriminalamt, BKA) was notified immediately, and is providing advice and assistance throughout. Investigations are continuing.

"For us, it was a matter of principle that we would not cede to potential demands for ransom payments; instead we did everything we could to recover the systems ourselves. This meant we knowingly accepted that we would have to work manually in many areas where it is normal to have IT process support,” emphasised York Boeder, Marabu CEO.

Production and development employees were largely able to continue with their work. They were able to make do with paper lists and copies. "The willingness of the entire workforce to improvise and to roll up their sleeves was overwhelming”, stated Rolf Simon, Managing Partner at Marabu.

Marabu and its IT service providers will need some time to recover all data. In particular, reestablishing connectivity to subsidiaries is ongoing. "The past few days have been immensely stressful for both internal and external staff. But we are now confident that the hard work everyone put in day and night has been worthwhile, and that we will manage this challenge with our own resources,” highlighted Würtemberger. "And we have learned some valuable lessons. Even if there is no such thing as 100% security, we are convinced that an attack of this kind would not be possible a second time.”