Pierluigi Paganini
June 20, 2025
German napkin maker Fasana filed for insolvency after a major cyberattack on May 19 paralyzed its systems, halting over €250K in orders the next day. The napkin factory is located in Stotzheim, Germany, and has 240 employees.
The company was forced to halt production and delay May salaries. The German napkin maker is estimated to have lost €2 million in two weeks following a cyberattack. Now insolvent, it is seeking a new buyer after being acquired in March.
The insolvency administrator said the cyberattack left Fasana unable to print delivery notes, completely paralyzing business operations.
“A cyberattack has potentially serious consequences for the approximately 240 employees of the Euskirchen-based company Fasana: The attack caused so much damage to the paper napkin manufacturer that it has now filed for insolvency.” states the insolvency administrator Maike Krebber. “On May 21, attackers penetrated the company’s systems. An employee who arrived at the company in the morning even found extortion notes in the printers.”
Fasana suffered a fast-spreading ransomware attack by a known group, locking systems and encrypting files. No gang claimed responsibility. Though the hackers were financially motivated, their entry method is unclear. Operations have since resumed, with deliveries and invoicing restarting last week.
According to the news outlet WDR, the company suffered a ransomware attack.
“As WDR learned from well-informed sources, the perpetrators are a group known to the police. They are said to have sent so-called ransomware to the company’s systems during the attack. This is malware that can lock computers and encrypt files.” reads the post published by WDR. “The software can spread extremely quickly, locking data until a ransom is paid to unlock it. According to the Kölner Stadt-Anzeiger newspaper, all of the factory’s printers reportedly spewed out extortion messages during the attack.”
At this time, no known ransomware group has claimed responsibility for the cyberattack. At the time of this writing, the company resument its operations, with deliveries and invoices restarting. The company has eight weeks to find a buyer.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, Fasana)
