Contracts and compensation claims can once more be handled by the liability fund.
Roßdorf near Darmstadt, August 4, 2025 — The mutual insurance association, a leading liability insurer employing around 380 employees nationwide, has successfully restored its operations following a ransomware attack that occurred on July 2nd-3rd.
The ransomware incident disrupted the company's digital interfaces, affecting their ability to manage employee portfolios, process contracts and claims, and create and submit new applications. However, the company has now restored these essential functionalities.
Torsten Wetzel, a board member responsible for customer service and claims settlement at the mutual insurance association, stated that the restored broker portal allows handling of relevant business cases based on current data. Employees can now access programs on the brought-back online computer systems, and the case handlers are reachable via email.
The mutual insurance association manages policies with a premium volume of over 200 million euros for customers, and they handle around 2 million active damage and accident policies. The company's improvised website, www.diehk.de, provides templates for employees to create and submit new applications.
Ransomware attacks remain a significant threat to insurance companies, including liability insurers. The incident response emphasises a coordinated approach, including multi-factor authentication, proactive backup and restoration strategies, and escalation protocols. Cyber insurance typically covers ransomware response and remediation costs, business interruption compensation, ransom negotiation support, and digital asset restoration assistance.
Many ransomware victims now resist ransom payments by relying on effective backups, resulting in faster restoration from backups rather than decryption through ransom payment negotiation. The cyber insurance market remains stable with sufficient resources to support ransomware claim recovery.
The timeline for full system restoration after a ransomware attack depends heavily on factors such as the robustness of the company’s backup systems, the effectiveness of incident response plans, insurance coverages in place, and cooperation with incident response vendors. The mutual insurance association is working on restoring their digital interfaces, with critical systems being gradually brought back online.
For more specific information about the current status and restoration timeline of a particular company or incident, checking official company statements, industry incident response reports, or cybersecurity news updates after August 4, 2025, would be necessary.
- Despite the ransomware attack causing disruptions in managing employee portfolios, processing contracts and claims, and creating new applications, the mutual insurance association has now brought back essential functionalities online.
- With their restored broker portal, the mutual insurance association can handle business cases using current data, allowing employees to access programs on the online computer systems and contact case handlers via email.
