lockbit2 attacks Berschneider

Incident Date:

May 23, 2022

World map



lockbit2 attacks Berschneider






Heisterbusch, Germany

Lüttow-Valluhn, Germany

First Reported

May 23, 2022

Berschneider, a Construction Sector Company, Suffers Ransomware Attack

Berschneider, a company operating in the Construction sector, has been targeted by the ransomware group Lockbit2. The attack was confirmed through a leak on the group's dark web site, which also revealed that the victim's website is https://berschneider.de. The company's website showcases their focus on producing various Lachsschinken-, Braten- and Geflügelspezialitäten for enjoyment. They operate in Valluhn, within the UNESCO Biosphärenreservat Schaalsee in Mecklenburg-Vorpommern.

Company Size and Industry Standout

Berschneider is a family-owned business that has not disclosed its size or specific industry standout factors. However, it is known for its diverse range of Lachsschinken-, Braten- and Geflügelspezialitäten, which suggests a focus on high-quality meat products.

Vulnerabilities and Targeting

The specific vulnerabilities that led to Berschneider being targeted by Lockbit2 are not publicly disclosed. However, ransomware attacks often exploit unpatched software, weak passwords, or phishing tactics to gain access to a system. Companies in the Construction sector are not immune to such attacks, as they often rely on digital tools and systems for operations and communication.

Lockbit2 and Ransomware Threats

Lockbit2 is a ransomware group that has been active since March 2023. The group has been increasingly active in recent months, targeting various industries, including construction and engineering, software and IT, and the automotive sector. Lockbit2 typically uses known vulnerabilities and off-the-shelf software to gain initial access to a system, and then uses tools like SoftPerfect Network Scanner and PowerShell to enumerate hosts and perform lateral movement.

Mitigating Ransomware Attacks

To mitigate the risk of ransomware attacks, companies should ensure their software is up-to-date, implement strong password policies, and provide regular cybersecurity training to employees. Additionally, companies should have a robust incident response plan in place, which includes regular backups and a plan for restoring data in the event of an attack.


  • "Lockbit 2.0: The Evolution of a Ransomware" - URL not found
  • "Cybersecurity Best Practices for the Construction Industry" - URL not found
  • "Understanding Ransomware and How to Protect Your Business" - URL not found

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.