[MART] - Daily Diary #416 - RansomEXX Hellmann Cyberattack

CTAS-MAT ctas-mat at appgate.com
Tue Dec 21 14:17:06 UTC 2021


I hope everyone is doing well!

Below is the entry for today.

12/21/2021 - Diary entry #416:

Hellmann, a German logistics giant company, suffered a cyberattack on December 9th. The attack impacted all connections to their data center. Now, their customers are reporting scams via fraudulent calls and spam. Meanwhile, Hellmann is still investigating and updating customers about the extent of the attack.

In a statement, Hellmann said its Global Crisis Taskforce discovered the attack but outside cybersecurity experts were called in to help with the response. They didn't confirm if it was a Ransomware attack nor responded to requests for comment. However, they confirmed on their website's "latest updates" page that data was extracted before their systems were taken offline on December 9.

In the meantime, the Ransomware group RansomEXX, also known as Defray777, and covered by many of our Daily Diaries, claimed responsibility for the attack. The threat actors published, on December 15, all stolen data on their wall-of-shame website, totaling 70.64GB of documents, credentials, correspondence, agreements, orders, etc.

The leaked data is available for anyone to download and, as reported, has been used on scams. Our team has access to and monitors RansomEXX wall-of-shame. It's possible to see that the Hellmann leak post has, until now, 11870 visits. There is also a spreadsheet screenshot containing plain text credentials - with weak passwords - belonging to different Hellmann-owned companies.

Kind Regards,


[https://d3aafpijpsak2t.cloudfront.net/images/Signature/likedin@2x.png]<https://www.linkedin.com/company/appgate-security/>     [https://d3aafpijpsak2t.cloudfront.net/images/Signature/twitter@2x.png] <https://twitter.com/AppgateSecurity>   [https://d3aafpijpsak2t.cloudfront.net/images/Signature/youtube@2x.png] <https://www.youtube.com/channel/UC-8GvxcZbm-R3EJNl8jYjiQ>

Felipe Tarijon de Almeida
Malware Analyst

E: felipe.tarijon at appgate.com<mailto:felipe.tarijon at appgate.com>
C: +55 11 97467 9549

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.immunityinc.com/pipermail/mart/attachments/20211221/e0a6955a/attachment.htm>

More information about the MART mailing list