TellYouThePass ransomware revived in Linux, Windows Log4j attacks
Credit card info of 1.8 million people stolen from sports gear sites
CISA urges VMware admins to patch critical flaw in Workspace ONE UEM
All Log4j, logback bugs we know so far and why you MUST ditch 2.15
Upgraded to log4j 2.16? Surprise, there’s a 2.17 fixing DoS
The Week in Ransomware – December 17th 2021 – Enter Log4j
TellYouThePass ransomware revived in Linux, Windows Log4j attacks
Get your own virtual desktop with 54% off Shells subscriptions
Qualys BrowserCheck
Junkware Removal Tool
How to remove the PBlock+ adware browser extension
Remove the Search Redirect
Remove the Search Redirect
Remove the Search Redirect
Remove Security Tool and SecurityTool (Uninstall Guide)
How to remove Antivirus 2009 (Uninstall Instructions)
How to Remove WinFixer / Virtumonde / Msevents / Trojan.vundo
How to remove Google Redirects or the TDSS, TDL3, or Alureon rootkit using TDSSKiller
Locky Ransomware Information, Help Guide, and FAQ
CryptoLocker Ransomware Information Guide and FAQ
CryptorBit and HowDecrypt Information Guide and FAQ
CryptoDefense and How_Decrypt Ransomware Information Guide and FAQ
How to make the Start menu full screen in Windows 10
How to install the Microsoft Visual C++ 2015 Runtime
How to open an elevated PowerShell Admin prompt in Windows 10
How to Translate a Web Page in Google Chrome
How to start Windows in Safe Mode
How to remove a Trojan, Virus, Worm, or other Malware
How to show hidden files in Windows 7
How to see hidden files in Windows
IT Certification Courses
Gear + Gadgets
Hellmann Worldwide is warning customers of an increase in fraudulent calls and emails regarding payment transfer and bank account changes after a recent ransomware attack.
The attack took place on December 9 and forced the logistics company to shut down its systems to contain the spread of the virus.
However, by the time the firm’s IT team responded, the actors had already exfiltrated sensitive files from the accessed servers to be used as a pressure lever in the ransom payment negotiation stage.
Through an update on its site, Hellmann Worldwide admits that the forensic investigation that followed has confirmed a data breach but are still investigating exactly what was stolen.
In the meantime, they are receiving multiple reports from clients who are targeted by actors that exploit the stolen data.
As the company warns in the latest update:
“Please note that the number of so-called fraudulent calls and mails has generally increased. Whilst communication with Hellmann staff via email and telephone remains safe (inbound and outbound), please make sure that you are actually communicating with a Hellmann employee and beware of fraudulent mails/ calls from suspicious sources, in particular regarding payment transfers, change bank account details or the like.”
Hellmann Worldwide is an international logistics firm with a turnover of 2.53 billion Euros ($2.85 billion), 263 offices in 56 countries, 10,601 employees, and handles 16 million shipments per year.
Its partner network is even more extensive, encompassing another 20,500 agents in 489 offices, so the opportunities for BEC (business email compromise) scammers and phishing actors are practically endless.
Bleeping Computer has found that the actor responsible for the ransomware attack against Hellmann Worldwide is RansomEXX, a threat group currently undergoing a resurgence.
The actors published all the stolen data on their leak portal, totaling 70.64GB of documents, credentials, correspondence, agreements, orders, etc.
The publication of these files is an indication that the negotiations for the payment of a ransom have been concluded unsuccessfully.
Also, the fact that all this sensitive data is offered for download to anyone is directly relevant to the uptick in fraud calls and emails reported by Hellmann Worldwide.
Some notable ransomware incidents attributed to RansomEXX this year include attacks against:
In September this year, cybersecurity firm Profero released a working decryptor for RansomEXX infections, which may help victims of specific Linux-targeting strains.
Emotet starts dropping Cobalt Strike again for faster attacks
Volvo Cars discloses security breach leading to R&D data theft
Microsoft: These are the building blocks of QBot malware attacks
Data breach impacts 80,000 South Australian govt employees
Planned Parenthood LA discloses data breach after ransomware attack
Not a member yet? Register Now
Lenovo laptops vulnerable to bug allowing admin privileges
This image looks very different on Apple devices — see for yourself
To receive periodic updates and news from BleepingComputer, please use the form below.
Terms of Use Privacy PolicyEthics Statement
Copyright @ 2003 – 2021 Bleeping Computer® LLC – All Rights Reserved
Not a member yet? Register Now
Read our posting guidelinese to learn what content is prohibited.


You May Also Like

SonicWall ‘strongly urges’ customers to patch critical SMA 100 bugs

Emotet now drops Cobalt Strike, fast forwards ransomware attacksSonicWall ‘strongly urges’ customers…

Utah medical center hit by data breach affecting 582k patients

US indicts Iranian hackers for Proud Boys voter intimidation emailsWinamp prepares a…

TikTok phishing threatens to delete influencers’ accounts

Windows 10 21H2 is released, here are the new featuresNew Rowhammer technique…

REvil ransomware affiliates arrested in Romania and Kuwait

State hackers breach defense, energy, healthcare orgs worldwideMediaMarkt hit by Hive ransomware,…