Ransomware: krybit claims www.elumax.com (DE) — Business Services

On 3 June 2026, a ransomware incident involving the group "krybit" was publicly reported on the ransomware.live platform, claiming to have compromised www.elumax.com, a German business services firm. This publication under the BREACH framework signals that sensitive data may have been exfiltrated and could be leaked unless a ransom is paid. The event highlights an active threat to EU-based companies, particularly in the business services sector, and underscores the need for vigilance under GDPR and NIS2 obligations.

Organizations in the business services sector across the EU, especially those handling client data or operating critical infrastructure, are directly affected. German companies and their supply chains should assess whether they share data with elumax or similar targets. Compliance teams must also consider that ransomware attacks often precede regulatory scrutiny, as data breaches trigger mandatory notification to supervisory authorities within 72 hours under GDPR.

Compliance teams should immediately verify whether their organization has any data-sharing or vendor relationship with elumax. If so, initiate incident response protocols, preserve logs, and prepare breach notification documentation. For all organizations, this is a prompt to review ransomware preparedness: ensure offline backups are current, test incident response plans, and confirm that cyber insurance policies cover extortion and notification costs. Finally, monitor ransomware.live and relevant threat intelligence feeds for any leaked data that may require further action.