Security Experts:

Connect with us

Hi, what are you looking for?



Ransomware Operators Leak Data Stolen From Logistics Giant Hellmann

Logistics giant Hellmann Worldwide Logistics has confirmed that attackers were able to exfiltrate data from its systems during a cyberattack earlier this month.

Logistics giant Hellmann Worldwide Logistics has confirmed that attackers were able to exfiltrate data from its systems during a cyberattack earlier this month.

On Thursday, December 9, after detecting the breach, the company took down servers at its central data center, to isolate them from the rest of the environment and contain the incident.

Hellmann, which provides air and sea freight, rail and road transportation, and other services in 173 countries, was apparently targeted by RansomEXX ransomware, whose operators have already made available data allegedly stolen from the German company.

One their leak website on the Tor network, the hackers published 70.64GB of compressed data, in the form of 145 archive files that contain, among others, customer names, user IDs, emails, and passwords.

In an updated cyber incident statement published last week, the German company confirmed that the attackers stole data from its servers, although it did not provide details on the type of information that was compromised.

“The forensic investigation has meanwhile confirmed that data was extracted from our servers before our systems were taken offline on December 9. We are currently investigating what type of data was extracted and will proactively provide further information as soon as possible,” the company said.

However, Hellmann warned that its customers are experiencing an increasing number of fraudulent calls and emails following the incident, which suggests that malicious actors are already attempting to monetize the stolen information.

“Whilst communication with Hellmann staff via email and telephone remains safe (inbound and outbound), please make sure that you are actually communicating with a Hellmann employee and beware of fraudulent mails/ calls from suspicious sources, in particular regarding payment transfers, change bank account details or the like,” the company said.

Active since at least 2020, RansomEXX wasn’t previously engaging in data theft, but it appears that its operators are aligning with the double extortion trend in the ransomware landscape. A decryptor for RansomEXX has been available since late September 2021.

Related: Logistics Firm Hellmann Scrambling to Recover From Cyberattack

Related: Ransomware Affiliate Arrested in Romania

Related: Ransomware, Trojans, DDoS Malware and Crypto-Miners Delivered in Log4Shell Attacks

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Expert Insights

Related Content


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.


The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.


A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...


US government reminds the public that a reward of up to $10 million is offered for information on cybercriminals, including members of the Hive...


The Hive ransomware website has been seized as part of an operation that involved law enforcement in 10 countries.


Video games developer Riot Games says source code was stolen from its development environment in a ransomware attack