Security Experts:

Connect with us

Hi, what are you looking for?



Ransomware Operators Leak Data Stolen From Logistics Giant Hellmann

Logistics giant Hellmann Worldwide Logistics has confirmed that attackers were able to exfiltrate data from its systems during a cyberattack earlier this month.

Logistics giant Hellmann Worldwide Logistics has confirmed that attackers were able to exfiltrate data from its systems during a cyberattack earlier this month.

On Thursday, December 9, after detecting the breach, the company took down servers at its central data center, to isolate them from the rest of the environment and contain the incident.

Hellmann, which provides air and sea freight, rail and road transportation, and other services in 173 countries, was apparently targeted by RansomEXX ransomware, whose operators have already made available data allegedly stolen from the German company.

One their leak website on the Tor network, the hackers published 70.64GB of compressed data, in the form of 145 archive files that contain, among others, customer names, user IDs, emails, and passwords.

In an updated cyber incident statement published last week, the German company confirmed that the attackers stole data from its servers, although it did not provide details on the type of information that was compromised.

“The forensic investigation has meanwhile confirmed that data was extracted from our servers before our systems were taken offline on December 9. We are currently investigating what type of data was extracted and will proactively provide further information as soon as possible,” the company said.

However, Hellmann warned that its customers are experiencing an increasing number of fraudulent calls and emails following the incident, which suggests that malicious actors are already attempting to monetize the stolen information.

“Whilst communication with Hellmann staff via email and telephone remains safe (inbound and outbound), please make sure that you are actually communicating with a Hellmann employee and beware of fraudulent mails/ calls from suspicious sources, in particular regarding payment transfers, change bank account details or the like,” the company said.

Active since at least 2020, RansomEXX wasn’t previously engaging in data theft, but it appears that its operators are aligning with the double extortion trend in the ransomware landscape. A decryptor for RansomEXX has been available since late September 2021.

Related: Logistics Firm Hellmann Scrambling to Recover From Cyberattack

Related: Ransomware Affiliate Arrested in Romania

Related: Ransomware, Trojans, DDoS Malware and Crypto-Miners Delivered in Log4Shell Attacks

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.


The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.


No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...