{
	"id": "98aa3d9b-1eb3-4b25-8bed-1e224a524b3d",
	"created_at": "2026-04-06T00:18:48.413187Z",
	"updated_at": "2026-04-10T03:21:36.476846Z",
	"deleted_at": null,
	"sha1_hash": "40f5b029d1e6276155236d027ed1d31e993b4bd0",
	"title": "Business giant Dussmann Group's data leaked after ransomware attack",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 2378530,
	"plain_text": "Business giant Dussmann Group's data leaked after ransomware attack\r\nBy Lawrence Abrams\r\nPublished: 2020-07-28 · Archived: 2026-04-05 13:50:53 UTC\r\nThe Nefilim ransomware operation has begun to publish unencrypted files stolen from a Dussmann Group subsidiary during\r\na recent attack.\r\nThe Dussmann Group is the largest multi-service provider in Germany with subsidiaries focusing on facility management,\r\ncorporate childcare, nursing and care for the elderly, and business systems solutions, including HVAC, electrical work, and\r\nelevators.\r\nThe company has confirmed to BleepingComputer that one of their subsidiaries, Dresdner Kühlanlagenbau GmbH (DKA),\r\nrecently suffered a ransomware attack where data was stolen.\r\nhttps://www.bleepingcomputer.com/news/security/business-giant-dussmann-groups-data-leaked-after-ransomware-attack/\r\n\r\nNefilim publishes DKA's stolen data\r\nDuring the DKA attack, the Nefilim operators claim to have stolen unencrypted files before deploying the ransomware.\r\nThese stolen files are then used as leverage against victims to coerce them to pay the ransom under the threat that the data\r\nwill be publicly released on ransomware data leak sites.\r\nIn a post to their data leak site yesterday, the Nefilim operators have published two archives containing 14 GB worth of\r\nstolen files.\r\nAccording to the file lists, these archives contain numerous documents, including Word documents, images, accounting\r\ndocuments, and AutoCAD drawings.\r\nNefilim DKA data leak\r\nAfter learning about the data leak, BleepingComputer contacted Dussmann Group, who confirmed that their subsidiary,\r\nDKA, was breached and files were stolen.\r\n\"The refrigeration specialist, Dresdner Kühlanlagenbau GmbH (DKA) with 570 employees has been the 
target of a cyber\r\nattack during which data was encrypted and copied. DKA is a subsidiary of the Dussmann Group. The servers were shut\r\ndown as a precaution. The data protection authorities and the State Office of Criminal Investigation in Saxony have been\r\ninformed and charges have been filed.\"\r\n\"DKA is in close communication with the authorities and external cyber-security experts. Operational processes in the\r\nbusiness unit for refrigeration air-conditioning plant engineering are secure. DKA has already informed clients and\r\nemployees about the cyber-attack and the data outflow. Due to ongoing investigations, we cannot say more at\r\npresent,\" Michaela Mehls, Dussmann Group's Head of Corporate Communications, told BleepingComputer.\r\nThe Nefilim ransomware operators have told BleepingComputer that they encrypted four domains and stole approximately\r\n200GB of archives.\r\nIt is not known how the Nefilim operators gained access to DKA's network, and cyber intelligence firm Bad Packets was\r\nunable to find any vulnerable VPN gateways or devices located on their network.\r\nWith exposed remote desktop servers estimated to be responsible for 70-80% of all network breaches, the attackers likely\r\ngained access through an exposed server or a phishing attack.\r\nProtecting against ransomware attacks\r\nTo protect a network from being breached in ransomware attacks, administrators need a layered approach to securing their\r\nsystem.\r\nWith network breaches commonly being conducted via exposed remote desktop services, it is essential to make sure all RDP\r\nservers are only accessible over a company VPN.\r\nRansomware operations commonly target VPN gateways and devices to gain access to corporate and government networks.\r\nWith VPN gateways now exposed, they too need to be hardened and secured with the latest security 
updates and firmware\r\navailable.\r\nFinally, MFA should be enabled for corporate accounts, and Windows event logs should be monitored for unusual entries.\r\nMicrosoft has provided a summary on how to mitigate human-operated ransomware attacks that all system administrators\r\nshould become familiar with.\r\nSource: https://www.bleepingcomputer.com/news/security/business-giant-dussmann-groups-data-leaked-after-ransomware-attack/",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/business-giant-dussmann-groups-data-leaked-after-ransomware-attack/"
	],
	"report_names": [
		"business-giant-dussmann-groups-data-leaked-after-ransomware-attack"
	],
	"threat_actors": [],
	"ts_created_at": 1775434728,
	"ts_updated_at": 1775791296,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/40f5b029d1e6276155236d027ed1d31e993b4bd0.pdf",
		"text": "https://archive.orkl.eu/40f5b029d1e6276155236d027ed1d31e993b4bd0.txt",
		"img": "https://archive.orkl.eu/40f5b029d1e6276155236d027ed1d31e993b4bd0.jpg"
	}
}