Hellmann Worldwide suffered a ransomware attack that resulted in an increase in fraudulent calls and emails regarding payment transfer and bank account changes for its customers.
The attack happened in December 2021 and forced the logistics company to shut down its systems to contain the spread of the virus.
The actors exfiltrated sensitive files from the accessed servers and used them as leverage in the ransom payment negotiation stage.
The actors published all the stolen data on their leak portal, totaling 70.64GB of documents, credentials, correspondence, agreements, orders, etc.
TPRM report: https://scoringcyber.rankiteo.com/company/hellmann-worldwide-logistics
{
  "id": "hel22826822",
  "linkid": "hellmann-worldwide-logistics",
  "type": "Ransomware",
  "date": "12/2021",
  "severity": "100",
  "impact": "5",
  "explanation": "Attack threatening the organization's existence"
}
{'affected_entities': [{'industry': 'Logistics',
                        'name': 'Hellmann Worldwide',
                        'type': 'Logistics Company'}],
 'data_breach': {'data_exfiltration': True,
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['documents',
                                              'credentials',
                                              'correspondence',
                                              'agreements',
                                              'orders']},
 'date_detected': 'December 2021',
 'description': 'Hellmann Worldwide suffered a ransomware attack that resulted '
                'in an increase in fraudulent calls and emails regarding '
                'payment transfer and bank account changes for its customers.',
 'impact': {'data_compromised': ['documents',
                                 'credentials',
                                 'correspondence',
                                 'agreements',
                                 'orders'],
            'downtime': 'Systems shut down',
            'systems_affected': 'All systems'},
 'initial_access_broker': {'data_sold_on_dark_web': True},
 'motivation': 'Extortion',
 'ransomware': {'data_exfiltration': True},
 'response': {'containment_measures': 'Shut down systems'},
 'title': 'Hellmann Worldwide Ransomware Attack',
 'type': 'Ransomware'}