Logistics giant Hellmann Worldwide Logistics has confirmed that attackers were able to exfiltrate data from its systems during a cyberattack earlier this month.
On Thursday, December 9, after detecting the breach, the company took down servers at its central data center, to isolate them from the rest of the environment and contain the incident.
Hellmann, which provides air and sea freight, rail and road transportation, and other services in 173 countries, was apparently targeted by RansomEXX ransomware, whose operators have already made available data allegedly stolen from the German company.
One their leak website on the Tor network, the hackers published 70.64GB of compressed data, in the form of 145 archive files that contain, among others, customer names, user IDs, emails, and passwords.
In an updated cyber incident statement published last week, the German company confirmed that the attackers stole data from its servers, although it did not provide details on the type of information that was compromised.
“The forensic investigation has meanwhile confirmed that data was extracted from our servers before our systems were taken offline on December 9. We are currently investigating what type of data was extracted and will proactively provide further information as soon as possible,” the company said.
However, Hellmann warned that its customers are experiencing an increasing number of fraudulent calls and emails following the incident, which suggests that malicious actors are already attempting to monetize the stolen information.
“Whilst communication with Hellmann staff via email and telephone remains safe (inbound and outbound), please make sure that you are actually communicating with a Hellmann employee and beware of fraudulent mails/ calls from suspicious sources, in particular regarding payment transfers, change bank account details or the like,” the company said.
Active since at least 2020, RansomEXX wasn’t previously engaging in data theft, but it appears that its operators are aligning with the double extortion trend in the ransomware landscape. A decryptor for RansomEXX has been available since late September 2021.
Related: Logistics Firm Hellmann Scrambling to Recover From Cyberattack
Related: Ransomware Affiliate Arrested in Romania
Related: Ransomware, Trojans, DDoS Malware and Crypto-Miners Delivered in Log4Shell Attacks