
Nefilim gang leaks files stolen from Dussmann Group subsidiary

By now, it’s a familiar refrain: ransomware operators publishing documents after pinching them from a vulnerable company. This time the victim was a subsidiary of Germany’s Dussmann Group, a sprawling multiservice provider, and the attackers were Nefilim’s operators.

The ransomware gang pinched files, including AutoCAD drawings, Word documents and accounting docs, from refrigerator specialist Dresdner Kühlanlagenbau GmbH (DKA), according to a BleepingComputer report, which said the Nefilim operators had posted two archives with 14GB of files to their leak site.

“This data-leak scenario with Dussmann Group illustrates the importance of not only protecting access to data but also protecting the data itself,” said Trevor Morgan, product manager at comforte-AG. While protecting access from outsiders is important, “it does not account for the fact that given enough time and persistence, threat actors can penetrate beyond perimeter security into the protected environment,” he said. “It also does not take into consideration ‘inside jobs’ in which threat actors are already on the inside.”

Andrea Carcano, co-founder of Nozomi Networks, believes the trend of threatening to publish stolen files in “an attempt to gain leverage” will “unfortunately” continue, pointing to findings in the Nozomi OT/IoT Security Report.

“Given that threats are increasing and constantly changing, it’s important to maintain high cyber resiliency and fast response capabilities,” Carcano said. “It’s a daunting task, but not impossible.”

Nefilim emerged last March from the operators of the ransomware-as-a-service (RaaS) Nemty, which was shuttered less than a year after it began operating.
