conti attacks Rettenmeier Holding AG

Incident Date:

March 31, 2022

World map



conti attacks Rettenmeier Holding AG


Rettenmeier Holding AG




Industriestra, Germany

Wilburgstetten, Germany

First Reported

March 31, 2022

Ransomware Attack on Rettenmeier Holding AG

Rettenmeier Holding AG, a prominent European manufacturer of solid wood products, recently fell victim to a ransomware attack orchestrated by the Conti group. This incident was disclosed on the group's dark web leak site. Rettenmeier Holding AG, with its headquarters accessible at, is a significant player in the manufacturing industry, employing around 1600 individuals and training 70 apprentices across six locations in Germany, Latvia, and Slovakia.

The company is renowned for its dedication to sustainability and adherence to zero-waste principles, utilizing all byproducts of their wood processing and recycling the bark. Equipped with modern scanner technology and a high-quality control system, Rettenmeier Holding AG ensures consistent product quality across its diverse range of offerings, which includes industrial wood, zunftholz, do it wood, outdoor wood, and energy wood, serving various industries and applications.

The specific vulnerabilities exploited in the attack on Rettenmeier Holding AG remain undisclosed. Nonetheless, it is widely acknowledged that ransomware groups like Conti frequently exploit outdated software, unpatched systems, and inadequate cybersecurity practices to infiltrate their targets' networks.

The Conti ransomware group is notorious for its global attacks on various organizations, leading to significant personal data breaches and ransom demands. This group has been implicated in numerous incidents affecting entities such as Inszone Insurance Services,, Baca County Feedyard, Inc., Robertson Cheatham Farmers, Samart,, PROCESS SOLUTIONS, Numotion, Siemens, Sermo, Schlesinger Law Offices, P.A., Robar Enterprises, Inc., Atlas Container Corporation, among others.

As of this writing, Rettenmeier Holding AG has not issued a public statement regarding the ransomware attack or detailed the steps being undertaken to address the situation. There is no information available on whether the ransom has been paid or if the company is collaborating with law enforcement or cybersecurity specialists to restore their data.


Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.