Dussmann Group has confirmed that one of their subsidiaries, Dresdner Kühlanlagenbau GmbH (DKA), recently suffered a ransomware attack and data was stolen.
Dussmann Group is the largest multi-service provider in Germany having subsidiaries focusing on facility management, corporate childcare, nursing and care for the elderly, and business systems solutions, including HVAC, electrical work, and elevators.
The Nefilim operators claim to have stolen unencrypted files before deploying the ransomware. These stolen files are used as leverage against victims to make them pay the ransom under the threat that the data will be publicly released on ransomware data leak sites.
The Nefilim operators have published two archives containing 14 GB worth of stolen files in their data leak site.
As per the file lists, these archives contain several documents, which includes Word documents, images, accounting documents, and AutoCAD drawings.
Dresdner Kühlanlagenbau GmbH (DKA), the refrigeration specialist is a subsidiary of the Dussmann Group and employs 570 staffs. As a precautionary measure, the servers were shut down and the data protection authorities and the State Office of Criminal Investigation in Saxony were informed and charges have been filed.
The operational processes in the business unit for refrigeration air-conditioning plant engineering are secure. All the clients and employees have been informed regarding the cyber-attack and the data outflow. More details about the incident is not available at the moment.
The Nefilim ransomware operators stated that they encrypted four domains and stole approximately 200GB of archives.
However, it is not known how the Nefilim operators got access to DKA’s network, and cyber intelligence firm Bad Packets was unable to find any vulnerable VPN gateways or devices located on their network.