conti attacks Frey and Winkler GmbH

Incident Date:

April 3, 2022

World map



conti attacks Frey and Winkler GmbH


Frey and Winkler GmbH




Benzstraaye, Germany

Kagsbach-Stein, Germany

First Reported

April 3, 2022

Frey and Winkler GmbH Hit by Conti Ransomware Attack

Company Profile

Frey and Winkler GmbH, a German company operating in the manufacturing sector, has been targeted by the Conti ransomware group. The attack was announced on the dark web leak site of the Conti group, which also claimed responsibility for the attack on Europe's biggest car dealer, Emil Frey.

Frey and Winkler GmbH is a manufacturing company with a focus on automobile-related businesses. The company has about 3,000 employees and generated $3.29 billion in sales in 2020. They are known for their expertise in the automotive industry and have been recognized as the number 1 car dealership in Europe based on revenue and the total number of vehicles for sale.

Vulnerabilities and Impact

The Conti ransomware group is known for its sophisticated attacks, which often involve IP obfuscation techniques to hide their payloads. The group has been active in targeting various industries, including healthcare and automotive. The impact of the attack on Frey and Winkler GmbH is not yet clear, but it is likely that the company's systems and data have been encrypted, and the attackers are demanding a ransom for their release.

Response and Mitigation

The company has not released a public statement regarding the attack or the measures they are taking to mitigate the damage. However, it is known that they have restored and restarted their commercial activity after the attack. It is essential for companies like Frey and Winkler GmbH to have robust cybersecurity measures in place to protect against such attacks, including regular backups, data encryption, and employee training on cybersecurity best practices.

The attack on Frey and Winkler GmbH by the Conti ransomware group highlights the ongoing threat of cyberattacks to businesses in various industries. Companies must remain vigilant and invest in robust cybersecurity measures to protect their systems and data from such attacks.


Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.