Logistics Giant Hellmann Worldwide Announces Information Leakage Following RansomEXX Ransomware Attack

Hellmann Worldwide has learned that it recently suffered a ransomware attack and is warning customers about an increase in fraudulent phone calls and emails regarding payment transfers and bank account changes.

Our operations have largely resumed and we are confident that we will be able to resolve any remaining limitations and return to full operations soon.

However, our forensic investigation has confirmed that data was compromised from our servers prior to the system outage on December 9th. We are currently investigating what data was extracted and will proactively provide more detailed information as soon as possible. We are in regular contact with the relevant government agencies.

The attack occurred on December 9, and the logistics company was forced to shut down its systems in order to control the spread of the virus.

By the time the company’s IT team responded, the attackers had already exfiltrated sensitive files from the servers they had accessed and used them as extortion leverage during the ransom negotiation phase.

Hellmann Worldwide has acknowledged via their site that a subsequent forensic investigation confirmed the data breach, but they are still investigating what was stolen.

Meanwhile, we have received multiple reports from customers who are being targeted by attackers exploiting the stolen data.

The company's latest status update reads:

Please be aware that there has been a general increase in the number of fraudulent phone calls and emails. While it is safe to communicate with Hellmann’s staff via email or phone, please make sure you are actually communicating with a Hellmann employee and be aware of scam emails and phone calls from suspicious sources, especially regarding the transfer of payments or changes to bank account details.

Hellmann Worldwide is an international logistics company with sales of €2.53 billion ($2.85 billion), 263 offices in 56 countries, and 10,601 employees; it handles 16 million shipments annually.

Its partner network is even more extensive, employing 20,500 agents in 489 offices, making the opportunities for BEC (business email compromise) scammers and phishing attacks virtually limitless.

RansomEXX claims responsibility

We have learned that the ransomware attack against Hellmann Worldwide was carried out by RansomEXX, a now-resurrected threat group.

The group published all the stolen data on its leak portal: a total of 70.64 GB, including documents, credentials, communications, contracts, and orders.

The release of these files indicates that negotiations to pay the ransom have been unsuccessful.

Because this sensitive data is now available for anyone to download, its release is directly related to the spike in scam calls and emails reported by Hellmann Worldwide.

Ransomware attacks this year allegedly involving RansomEXX include the following:

  • French health insurance company MNH
  • Ecuadorian state-owned telecommunications company CNT
  • Italian COVID-19 vaccination registry portal
  • Taiwanese motherboard manufacturer Gigabyte

In September of this year, cybersecurity firm Profero released a RansomEXX decryption tool that may be useful to victims of certain viruses targeting Linux.
