Walltopia Hit by Cyberattack — Ransom Demand and 50,000 BGN Reward for Information
What Happened
Bulgarian climbing-wall manufacturer Walltopia has been hit by a major ransomware-style cyberattack, reportedly carried out by the Chinese-linked hacker collective “Warlock Group.”
The attackers infiltrated dozens of servers, encrypted parts of the company’s infrastructure, and disrupted operations across its IT environment — including emails, websites, and internal systems.
According to company founder Ivaylo Penchev, the hackers sent an email identifying themselves and demanding ransom, but Walltopia has refused to pay.
Instead, Penchev offered a 50,000 BGN reward for information leading to the identification or capture of the perpetrators.
Thanks to a three-layer backup and security system, the company has preserved its core data and is currently in the process of restoring normal operations.
Why It Matters
This is one of the most significant confirmed cyber incidents targeting a private company in Bulgaria in 2025.
It highlights the growing cyber risk to industrial and manufacturing sectors, where digital infrastructure is deeply integrated with production.
The attack shows how criminal groups now target intellectual property, designs, and operational continuity, not just data.
The case also exposed challenges in incident coordination between private organizations and national institutions.
Public authorities follow strict legal procedures for evidence handling, which often means that official digital investigations start later, once initial documentation is complete.
DIAMATIX Perspective
“In the first hours after an attack, speed and precision matter most.
While institutional processes follow their due course, companies need a parallel digital-forensics capability to preserve evidence and limit damage.”
— DIAMATIX CISO
Unlike standard incident response, digital forensics (DFIR) enables organizations to:
Identify initial access vectors and attacker behavior;
Extract and analyze metadata and residual traces, even after encryption;
Preserve digital evidence for law-enforcement or insurance processes;
Restore critical system logs to understand what happened and when.
Through our Digital Forensics & Incident Response (DFIR) and MDR as a Service, DIAMATIX helps organizations act within minutes — not days — enabling evidence-based response and rapid containment.
“The first 24 hours define the difference between control and chaos.”
Recommended actions for similar organizations:
Ensure offline and immutable backups are available and regularly tested.
Apply network segmentation between IT and OT environments.
Use MDR/SOC monitoring for early detection and rapid containment.
Conduct incident response simulations (IR drills) regularly.
Maintain a crisis communication policy to ensure transparency and trust.
Update – November 5, 2025
A few days after disclosing the cyberattack, Walltopia announced that it has restored normal operations across nearly all systems and data, thanks to its multilayered protection and rapid internal response.
Founder and CEO Ivaylo Penchev confirmed to Forbes Bulgaria that the company’s factories never stopped production, and its U.S. and China operations remained unaffected.
This proactive, transparent approach reflects both technical preparedness and ethical resilience, setting an example for other organizations facing similar threats.
DIAMATIX Update Perspective
“Walltopia’s recovery proves that resilience isn’t measured by the absence of incidents, but by the precision and integrity of the response that follows.
Transparent communication, layered recovery planning, and timely forensics are the real antidotes to ransomware.”
— DIAMATIX Expert Team
From DIAMATIX’s perspective, the Walltopia case highlights three key lessons for any organization:
Transparent incident communication builds stakeholder trust and reinforces accountability;
Layered backup strategies (on-site, off-site, and cloud) accelerate recovery and limit data loss;
Real-time digital forensics helps trace intrusion vectors and prevent recurrence.
Sources
DarikNews – Walltopia hit by ransomware attack; owner offers 50,000 BGN reward
- Forbes Bulgaria – “Walltopia Restores Nearly All Systems and Data Following Cyberattack” (November 5, 2025)
Ready to go further?
Experience how continuous detection and response enhance compliance in action with MDR 360°.
→ Request MDR 360° Demo
