Ransomware infection at German Dussmann Group

A ransomware attack has occurred at the Dussmann subsidiary Kühlanlagenbau in Dresden. In the process, 200 GBytes of data were stolen. The perpetrators of the attack probably published 14 GBytes of this data online.


The Dussmann Group from Berlin is the largest multi-service provider in Germany with subsidiaries specializing in facility management, operational childcare, geriatric care and nursing as well as business system solutions including HVAC, electrical work and elevators. With 64,500 employees in 22 countries, the Dussmann Group provides services for people, by people and is one of the largest private multi-service providers worldwide. There are five divisions of the Dussmann Group: Facility Management, Technical Building Services and Technology, Nursing and Care of the Elderly, Company Childcare, Media Trade. Here is the website of the group. 

Nefilim ransomware in use

Bleeping Computer reported here that the Dresden subsidiary Kühlanlagenbau was infected by the Nefilim ransomware (I got the information via email from the Cyble Research Team). Dussmann has confirmed the infection to Bleeping Computer. Documents from the company’s accounting and CAD department were taken from the company’s accounts before the ransomware started to encrypt.

Data published

During the attack on the Dussmann subsidiary, 200 GBytes of data were captured and uploaded onto servers of the cyber criminals. I received the link to this blog post from Cyble security researchers by e-mail. During the ongoing Darkweb and Deepweb monitoring, the Cyble Research Team came across the post in which the data was put online.


Currently, the ransomware operators have published part 1 of the company’s data leak, about 15.7 GB. The leak appears to consist of corporate operational documents, including the company’s claim settlement documents, documents relating to forced mortgages, legal contracts, cooperation and project agreements and much more. The company made the following statement to Bleeping Computer:


The refrigeration specialist, Dresdner Kühlanlagenbau GmbH (DKA) with 570 employees has been the target of a cyber attack during which data was encrypted and copied. DKA is a subsidiary of the Dussmann Group. The servers were shut down as a precaution. The data protection authorities and the State Office of Criminal Investigation in Saxony have been informed and charges have been filed.

DKA is in close communication with the authorities and external cyber-security experts. Operational processes in the business unit for refrigeration air-conditioning plant engineering are secure. DKA has already informed clients and employees about the cyber-attack and the data outflow. Due to ongoing investigations, we cannot say more at present.

So it hit a subsidiary of the Dussmann Group, located in Dresden. The Nefilim ransomware operators told BleepingComputer that they encrypted four domains and stole about 200 GB of archives.


