Clop Ransomware Operators Have Allegedly Struck Hodlmayr International AG, a Well-Established Vehicle Logistics Company – Data Leak!!

Update: As of 26 June 2020: Data leak of Hodlmayr continues, as the CLOP ransomware operators release data leak part 5 (around 100GB) of the company-:

The Clop ransomware operators are back in action by targeting a well-known logistics company based in Austria.

Founded in the year 1954, earning revenue of around € 300 million and having a workforce of more than 2,000 people, Hodlmayr International operates as a specialist in global vehicle logistics. Along with that, they offer tailormade solutions along the entire vehicle distribution chain, from the manufacturer to the vehicle dealer.

Based on the information leaked, it appears that the negotiation between the ransomware operators and Hodlmayr International failed, which made them leak part 1 of the company’s database. As per now, they leaked around 10GB of their sensitive data. Part 1 of the data leak seems to be a warning for the company to accept the terms of the ransomware operators.

The Cyble Research Team has identified and verified the data leak of around 10GB. The data leak includes sensitive corporate operational documents such as users’ details, snapshots of user IDs, email conversations, and much more. Below are few files from the lot being leaked by Clop ransomware operators.

As per our researchers, the data leak part 2 of the company seems to be released soon if the company does not take any action.

Update: As of 16 June 2020, the CLOP ransomware operators release data leak part 2 (around 10GB) of the company-:

Update: As of 17 June 2020, the CLOP ransomware operators release data leak part 3 (around 364GB) of the company-:

The company seems to have only 72 hours to contact the ransomware operators, otherwise it would lead to publish the data leak part 4 consisting of 500+GB confidential data.

Update: As of 24 June 2020, the CLOP ransomware operators release data leak part 4 (around 112GB) of the company-:

We recommend people to:

  • Never share personal information, including financial information over the phone, email or SMSs
  • Use strong passwords and enforce multi-factor authentication where possible
  • Regularly monitor your financial transaction, if you notice any suspicious transaction, contact your bank immediately.
  • Turn-on automatic software update feature on your computer, mobile and other connected devices where possible and pragmatic
  • Use a reputed anti-virus and internet security software package on your connected devices including PC, Laptop, Mobile

People who are concerned about their exposure in darkweb can register at AmiBreached.com to ascertain their exposure.

About Cyble:

Cyble is a US-based cyber threat intelligence company with the express mission to provide organizations with real-time views of their supply chain cyber threats and risks.