lockbit2 attacks Erdwärme Grünwald

Incident Date:

May 24, 2022

World map



lockbit2 attacks Erdwärme Grünwald


Erdwärme Grünwald




Tölzer Str, Germany

Grünwald, Germany

First Reported

May 24, 2022

Erdwärme Grünwald: A Pioneer in Geothermal Energy Targeted by Lockbit2 Ransomware

Erdwärme Grünwald, a pioneer in the geothermal energy sector, has been targeted by the Lockbit2 ransomware group, as announced on their dark web leak site. The company, which operates in the Energy, Utilities & Waste sector, has been recognized for its successful model and its role in the "Wärmewende durch Geothermie" campaign, which began in 2020.

Erdwärme Grünwald is a significant player in the geothermal energy market, with a total heat output of 40 MW and over 3,500 connected residential and commercial units. The company has been recognized for its innovative approach to energy production, focusing on sustainability and local energy production.

The company's website provides information on their geothermal energy projects, including their Geothermie-Schatz under Munich and the surrounding area. Erdwärme Grünwald has been successful in integrating geothermal energy into various sectors, including residential, commercial, and public buildings.

The Lockbit2 ransomware attack on Erdwärme Grünwald highlights the vulnerabilities of companies in the energy sector to cyber threats. While the specific details of the attack are not provided in the search results, it is clear that the company has been targeted by a sophisticated ransomware group.

The Lockbit2 ransomware group has been active since at least 2020, and their attacks have targeted various sectors, including law enforcement agencies, hospitals, and schools. The group has been known to use multiple ransomware variants, including LockBit, Babuk, and Hive.

Erdwärme Grünwald's success in the geothermal energy sector and their commitment to sustainability make them a valuable target for cybercriminals. As the energy sector continues to evolve, it is crucial for companies to prioritize cybersecurity measures to protect their operations and their customers' data.


Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.