Hellmann Worldwide Logistics firm warns customers of BEC attacks

January 28, 2022
Hellmann Worldwide Logistics Firm Warns Customers BEC Attacks

After the latest ransomware incident, Hellmann Worldwide Logistics warned its customers of increased business email compromise (BEC) schemes regarding payment transfer and bank account alterations.

The ransomware attack happened earlier in December 2021 and forced Hellman to shut down its systems to mitigate the spread of the virus. However, by the time the company’s resident cybersecurity addressed the incident, the threat actors had already stolen sensitive information from the compromised servers to leverage in the ransom negotiation.

Through the latest update on their official website, the logistics firm admits that further investigation has revealed a data breach but is still evaluated on what is stolen by the threat group. According to the firm, they are garnering several reports from the affected customers’ information in the meantime.

Also, the company released a statement that these fraudulent phishers have dramatically increased for the past couple of weeks since the breach’s discovery. The company said that their customers should make sure that they communicate and make transactions with a Hellmann employee and be vigilant with fraudulent calls/emails from sketchy sources. Furthermore, the firm specified that payment transfers and bank account alterations are serious red flags that customers should always be wary about since the logistics firm’s office employees will not request such things.

Hellmann Worldwide Logistics is a globally known logistics company with a turnover of approximately $2.8 billion, 263 branches across 50 countries, over 10,000 employees, and manages about 16 million shipments annually.

Hellmann’s affiliate network is also extensive, comprising another 20,000+ agents in almost 500 offices, so the likelihood of business email compromise scams is remarkably high.

 

The ransomware attack against Hellmann Worldwide Logistics is claimed by a threat group known as RansomEXX.

 

A cybersecurity researcher has discovered that the threat actor responsible for the ransomware attack against Hellmann Worldwide is RansomEXX.

They also found out that RansomEXX has already published all the stolen data from Hellmann, such as the 70 GB worth of documents, credentials, correspondence, orders, transactions, agreements, and more. These leaked stolen documents were posted on the threat actor’s leaking site.

The stolen data’s publication implies that the ransom transaction is unsuccessful since the threat actors have released all their leverage against the logistics firm. Furthermore, all the leaked sensitive information is offered for download to anyone relevant to the increase in fraudulent calls and emails directed towards Hellmann Worldwide’s customers.

About the author