It was revealed by a Private Security company that Germany’s The Dussmann Group subsidiary, Dresdner Kühlanlagenbau GmbH (DKA), was targeted by Nefilim Ransomware Group for data breach. The Dussmann Group from Berlin, Germany, is one of the largest private multi-service providers worldwide and has been existing for 50 years. The company consists of 5 Group: company divisions: Facility Management. Technical Building Equipment and Engineering. Nursing and Care for the Elderly. It currently has 64,500 employees in 22 countries and said to have about 2.34 Billion Euros Total sales worldwide back in 2017.
The Nefilim Cybercriminals claimed that before even deploying the ransomware, they already have stolen unencrypted files from DKA.
As per their investigation, the leak that included in the first batch released by the group is around 15.7 GB in size, and the Cybercriminals have leaked 16,805 Dussmann Group’s files. The leak consists of corporate operational documents such as company’s claim settlement documents, necessary security mortgages document, legal contracts Cooperation and Project agreements, and much more.
These stolen data are used as leverage against DKA to pay the ransom; otherwise, the stolen data will be released on Ransomware Data Leak sites. The Nefilim Ransomware actors revealed to a Private Security firm that they have encrypted a total of four domains and acquired approximately 200GB of archives. As a precautionary measure, they have shut down the servers and informed the State Office of Criminal Investigation in Saxony, and charges have been filed.
The Dussmann Group’s Head of Corporate Communications Michaela Mehls mentioned that the refrigeration specialist, Dresdner Kuhlanlagenbau GmbH (DKA), has been the prey of a cyber-attack. At the same time, data was encrypted and transmitted back to the attacker during the attack. Dussman Group is the parent company of DKA. As a precaution, they shut down the servers. In response, they filed charges through the data protection authorities and the State Office of Criminal Investigation in Saxony.
The targeted subsidiary of Dussmann Group has also informed its employees regarding the attack and the data outflow.
The investigation is in progress in close communication with the Authorities and external Cyber-Security Experts. It’s unclear how the company was breached, but it’s more likely caused by exposed RDP ports, according to a Private Security firm.
Below are some steps to take to defend against RDP Abuse:
- Close unused RDP Ports.
- Make sure that only authorized users can gain RDP network admin access.
- Monitor the network from time to time to look for any signs of attacks.
- Failed Login attempts must be limited to the number of efforts to keep unauthorized logins at bay.