Press releases

Cyber attack on the KISTERS Group: Expiry of the ultimatum and publication of captured data


Aachen, 30 November 2021: In the night of 11 November 2021, the IT company KISTERS was the victim of a cyber attack. The criminal attackers secured access to the company's data through an orchestrated ransomware attack, encrypted it and threatened to publish the captured data. The corresponding ultimatum has expired.

The relevant data protection authorities have already been informed. Since KISTERS will not get involved in such blackmail attempts, the publication of the captured data is to be expected. As soon as information is available as to whether customer data is affected, KISTERS will seek immediate direct contact with those affected. At the same time, the IT company will continue to work closely with the security authorities, who will consistently pursue possible publications of data material by the hackers as a criminal offence.

Transparent communication is crucial for the KISTERS Group. "The security of our customers and business partners is our top priority. We will therefore share all relevant information with the public immediately," says board member Klaus Kisters.KISTERS is working at full speed on a return to regular operations and regularly informs on its website about new findings concerning the criminal attack. In the meantime, many employees of the KISTERS Group can be reached again via their personal e-mail addresses and telephone numbers. Software support is also available again under the familiar contact details. In addition, the email addresses and service numbers listed on the website are still working. The reloading of customers' cloud systems as well as the extensive virus checks of customers' systems are making good progress.

KISTERS IT systems already had a high level of protection objectively certified by ISO standard 27001 in the past. Conclusions and measures for the future are of course being derived from the extensive analysis of the attack, which is still ongoing at the moment. Valuable information from customers who have had similar experiences will also be incorporated.

Klaus Kisters continues: "In the past few days, we have received a lot of encouragement from customers and business partners for our decision not to respond to the blackmailers' financial demands. The path we have taken to rebuild our IT infrastructure in order to exclude compromises according to the current state of the art has also met with broad approval. I would like to express my sincere thanks for this."

Cyber attack on KISTERS AG 


In the night from 10 to 11 November 2021, the IT company KISTERS AG (Aachen/Germany) became a victim of a cyber attack. According to current knowledge, the attackers gained access to the computer network of the software provider for sustainable resource management systems via an orchestrated ransomware attack despite a strong security system.

Immediately after discovering the attack, KISTERS called in the criminal investigation department and the German Federal Office for Information Security (BSI) and informed the relevant supervisory authorities. In addition, a team consisting of IT specialists and forensic experts immediately started to analyse how the attackers were able to penetrate the network despite the company's extensive, multi-level and certified security precautions. The investigation is still ongoing.

Currently, the company has no access to its own IT system, as it has been completely shut down to prevent further damage. Accordingly, the company can temporarily neither be reached via e-mail nor via landline telephone, but only via the mobile numbers of colleagues. As far as possible, KISTERS’ customers have already been informed personally about the attack and the possible consequences as well as the measures taken or will be informed as soon as access to the systems allows it again.

At the moment, KISTERS AG cannot make any statements about which data is affected by the attack. "Transparency is the most important thing for us in this situation. We will inform our customers clearly and openly when we know what data is affected and when we can return to normal business operations," says Managing Director Klaus Kisters.

Currently, all experts are working in crisis mode. "For the time being, it is important for us to be quickly available again for our customers on all channels. We are working on this at full speed," Klaus Kisters continues. "In the next step, we will do everything we can to be able to work again and to gain knowledge so that we, but also other companies, can protect themselves even better in the future."