Forgot your password?
typodupeerror
Businesses

German Firm Files For Insolvency After Cybercriminals Shut Down Production For 6 Weeks (theregister.com) 20

German textile firm ZEGO has filed for insolvency and is blaming a March cyberattack that shut down production for nearly six weeks. "ZEGO's filing adds another name to the short but growing list of companies that say a digital break-in was commercially fatal to their business," reports The Register. From the report: In a notice to customers and suppliers, the organization said it had exhausted every available option before seeking insolvency protection. Managing director Johannes Zenglein described the filing as "one of the most difficult steps in our company's 37-year history." "The cyberattack of March 29, 2026, however, impacted our company to an extent that we could not fully compensate for despite our best efforts," Zenglein wrote. "The consequences resulted in a production outage of nearly six weeks and significant financial strain. These effects ultimately impacted our financial situation so severely that filing for insolvency became necessary."

ZEGO did not disclose what kind of attack it suffered, whether ransomware was involved, who was behind it, or whether customer or employee data was compromised. What it has made clear is that the operational disruption alone was enough to push the business beyond the point of recovery. ZEGO said insolvency proceedings have now been initiated, but insisted the filing does not necessarily spell the end of the business. It said it plans to keep production running while administrators attempt to restructure the business, preserve jobs, and keep customers and suppliers on board.

German Firm Files For Insolvency After Cybercriminals Shut Down Production For 6 Weeks

Comments Filter:
  • by ebunga ( 95613 ) on Monday July 13, 2026 @05:28PM (#66236972)

    If you've dealt with an incident, then you'll know the biggest impediment to recovery is the cyber insurance company forced on you. As soon as you declare an incident, your computers belong to them.

    • If you've dealt with an incident, then you'll know the biggest impediment to recovery is the cyber insurance company forced on you. As soon as you declare an incident, your computers belong to them.

      Personally I'd say the biggest impediment is not replacing the computers than are now forensic evidence. Is their some reason they could not get new systems to replaced the affected systems, to restore backups too?

      • Re: (Score:2, Troll)

        by rsilvergun ( 571051 )
        The article talked about the cost of customer confidence lost too. In other words even if they came back online the 6-week pause would have caused them to lose a bunch of customers. And they don't have the capital to get them back through advertising campaigns and discounts and such.

        It's actually terrifying how many businesses run at the absolute edge of margins and are perpetually on the verge of collapse. Like how any given city is 3 days away from chaos...

        We focus on the tech companies that are m
      • by znrt ( 2424692 )

        if a 37 year old company can't survive 6 weeks of shutdown and not even get credit to weather the storm and get back on their feet without defaulting on obligations it suggests to me they were already operating on fumes and the cyberattack and aftermath were just the final blow ... and ofc a very convenient explanation for that default.

        • Couldn't start a flood.

          Starting a fire with petrol is too expensive, especially in Germany.

          Downloading your own virus and nuking the IT infrustructure! Yup, that'll do it.

          • by znrt ( 2424692 )

            Starting a fire with petrol is too expensive, especially in Germany.

            and there goes my morning tea! well done ...

        • by AmiMoJo ( 196126 )

          6 weeks of shutdown for a manufacturing company is not something that is easily survivable. Customers will be looking for alternative suppliers, and many won't switch back. Contracts may have delay and non-fulfilment clauses. Few places are going to have 6 weeks of stock to cover such an event.

          What seems unforgivable is that it took 6 weeks to fix.

    • by N1AK ( 864906 )
      Are there really Cyber-Insurance vendors people are picking that don't include considerable cover for disruption? I've met with two IT leadership teams who've been through major incidents with two different insurance vendors where they had faced significant disruption; in both cases the insurer helped them source and deploy alternative infrastructure/services and were willing to spend a considerable amount to minimise the impact of the incident. The assumption is that this was motivated by the fact the insu
  • by Gravis Zero ( 934156 ) on Monday July 13, 2026 @06:06PM (#66237020)

    "The consequences resulted in a production outage of nearly six weeks and significant financial strain. These effects ultimately impacted our financial situation so severely that filing for insolvency became necessary."

    That's a funny way of explaining that they neglected to implement proper security measures and backup measures for decades.

    This is ultimately what wishful thinking and downplaying the importance of cybersecurity gets you.

    • That's a funny way of explaining that they neglected to implement proper security measures and backup measures for decades.

      The security measures I can forgive. Or, rather, I can extend them the benefit of the doubt. There are so many vectors and ins, I'm willing to issue a mulligan on that.

      But the backup... what is the difference between a ransomware attack and a hard drive failure? Only the predicate intent. The result is identical.

      So while I have room for tolerance for a security failure, I have no to

      • That's a funny way of explaining that they neglected to implement proper security measures and backup measures for decades.

        The security measures I can forgive. Or, rather, I can extend them the benefit of the doubt. There are so many vectors and ins, I'm willing to issue a mulligan on that.

        But the backup... what is the difference between a ransomware attack and a hard drive failure? Only the predicate intent. The result is identical.

        So while I have room for tolerance for a security failure, I have no tolerance for the aftermath. Anyone can get hit by it, but being harmed by it for more than a day, that's on them. Anything more than a day's down time to re-image every hard drive and firmware back to known good, is just simply incompetence.

        Not having a disaster recovery plan, which would include backups, restore procedures, etc, is a security failure. As was already mentioned, you cannot rely on rebuilding the same machines in the event of a security incident. Those machines will be required for forensics, sometimes whether you have insurance or not, for example if personal data is involved.

      • by AmiMoJo ( 196126 )

        Eh, HDD failure and ransomware are not the same things. If you have two HDDs in a mirror configuration, and one of them dies, you lose nothing. If you get ransomware, both are encrypted.

        If one machine suffers an SSD failure, you lose one machine and inconvenience one user. If your network is hit with ransomware, potentially it spreads to every machine and through file servers, affects all users.

        Obviously you should have a 321 backup system, but management tends to resist anything too robust. And even with t

  • Assuming (yes!) that the statement is truthful, it is yet another case of a business that failed to recognise the importance of information systems' security and have not survived (at least, in its present form). The generation of businesses that rely on IT and fail to protect their IT (proactive measures, mitigation of attacks, contingency plans, etc.) will inevitably die off.
    • by HiThere ( 15173 )

      And the main one should be "Never expose your critical information on the internet, or to any computer connected to the internet.".

      That's not sufficient, but it would eliminate most problems.

  • A bit short on technical details.
  • I'm surprised a textile firm would be that exposed to such things. Makes me think the company is trying to get out of some obligation, but I don't know much about German corporate law to speculate.

  • Maybe this will be a lesson to manufacturing as a whole that putting industrial control logic into the cloud has always been a retarded idea. Even if you have perfect security, your competition can still shut down your production by hiring a DDoS.

  • Nobody is immune, survival is about planning, and a bit of luck :
    In 2017 Maersk almost got destroyed: notPetya wiped their systems, including domain controllers. Luckily a power outage in ghana kicked the local DC offline during the attack, and thus the sole remaining copy was perserved. Talk about luck.

    https://www.wired.com/story/no... [wired.com]

  • I'm not sure that the cyber attack here killed the company or simply put it out of its misery. It didn't sound like it was in a healthy operating state.

An elephant is a mouse with an operating system.

Working...