Ransomware: krybit claims www.mbt-energy.com (DE) — Energy

On June 13, 2026, a ransomware group known as krybit published a claim that it had breached the German energy company MBT Energy, listed on the ransomware.live leak site. The incident is categorized under the BREACH framework, indicating confirmed data exfiltration or system compromise. This publication serves as a public disclosure of the attack, likely including stolen data or threats to release it, and signals that the organization is under active extortion.

The primary affected entity is MBT Energy, a German energy sector firm, but the broader impact extends to the European energy infrastructure, which is classified as critical under EU regulations such as NIS2 and the Critical Entities Resilience Directive. Suppliers, partners, and customers of MBT Energy may also face secondary risks, including supply chain disruptions or data exposure. Regulators and national cybersecurity authorities in Germany and across the EU will be closely monitoring this incident.

Compliance teams should immediately verify whether their organization has any data-sharing or service agreements with MBT Energy and assess potential exposure. They must review incident response plans to ensure alignment with NIS2 reporting timelines, which require notification to competent authorities within 24 hours of becoming aware of a breach. Additionally, teams should reinforce ransomware defenses, including offline backups, multi-factor authentication, and employee phishing awareness, while preparing for possible regulatory inquiries or audits stemming from this sector-wide threat.