Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Ransomware Operators Leak Data Stolen From Logistics Giant Hellmann

Logistics giant Hellmann Worldwide Logistics has confirmed that attackers were able to exfiltrate data from its systems during a cyberattack earlier this month.

Logistics giant Hellmann Worldwide Logistics has confirmed that attackers were able to exfiltrate data from its systems during a cyberattack earlier this month.

On Thursday, December 9, after detecting the breach, the company took down servers at its central data center, to isolate them from the rest of the environment and contain the incident.

Hellmann, which provides air and sea freight, rail and road transportation, and other services in 173 countries, was apparently targeted by RansomEXX ransomware, whose operators have already made available data allegedly stolen from the German company.

One their leak website on the Tor network, the hackers published 70.64GB of compressed data, in the form of 145 archive files that contain, among others, customer names, user IDs, emails, and passwords.

In an updated cyber incident statement published last week, the German company confirmed that the attackers stole data from its servers, although it did not provide details on the type of information that was compromised.

“The forensic investigation has meanwhile confirmed that data was extracted from our servers before our systems were taken offline on December 9. We are currently investigating what type of data was extracted and will proactively provide further information as soon as possible,” the company said.

However, Hellmann warned that its customers are experiencing an increasing number of fraudulent calls and emails following the incident, which suggests that malicious actors are already attempting to monetize the stolen information.

“Whilst communication with Hellmann staff via email and telephone remains safe (inbound and outbound), please make sure that you are actually communicating with a Hellmann employee and beware of fraudulent mails/ calls from suspicious sources, in particular regarding payment transfers, change bank account details or the like,” the company said.

Advertisement. Scroll to continue reading.

Active since at least 2020, RansomEXX wasn’t previously engaging in data theft, but it appears that its operators are aligning with the double extortion trend in the ransomware landscape. A decryptor for RansomEXX has been available since late September 2021.

Related: Logistics Firm Hellmann Scrambling to Recover From Cyberattack

Related: Ransomware Affiliate Arrested in Romania

Related: Ransomware, Trojans, DDoS Malware and Crypto-Miners Delivered in Log4Shell Attacks

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cybercrime

As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.

Cybercrime

Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Ransomware

A SaaS ransomware attack against a company’s Sharepoint Online was done without using a compromised endpoint.

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.