
Cyber Incident Victim: Dussmann Group

Date:

Jul 2020

Location:

Germany

Summary

A ransomware attack targeted Dresdner Kühlanlagenbau GmbH (DKA), a subsidiary of the Dussmann Group, conducted by the Nefilim operation. Attackers encrypted four domains, stole approximately 200GB of data including sensitive documents and AutoCAD files, and later leaked 14GB of the exfiltrated archives to pressure payment. The breach forced precautionary server shutdowns, disrupting operations at the refrigeration specialist. While the initial intrusion vector remained unconfirmed, authorities including data protection agencies and Saxony’s State Office of Criminal Investigation were notified, with charges filed. The parent organization confirmed the incident but no vulnerabilities in VPN gateways or exposed devices were identified during external analysis.


Description

On or around July 28, 2020, the Nefilim ransomware operation publicly leaked stolen data belonging to Dresdner Kühlanlagenbau GmbH (DKA), a subsidiary of German multi-service conglomerate Dussmann Group. The attackers claimed to have encrypted four domains within DKA’s network and exfiltrated approximately 200GB of archived data during the breach. Initial leaks consisted of two archives totaling 14GB, containing sensitive documents such as Word files, accounting records, AutoCAD drawings, and images. Dussmann Group confirmed the cyberattack targeted DKA, a refrigeration specialist employing 570 people, resulting in both data encryption and unauthorized copying of files. As a precautionary measure, the subsidiary’s servers were shut down following the incident. The company notified Saxony’s State Office of Criminal Investigation and relevant data protection authorities, concurrently filing criminal charges.


The attackers used the stolen data as leverage, threatening public exposure via their ransomware leak site to pressure payment. External analysis by the cyber intelligence firm Bad Packets found no evidence of compromised VPN gateways or exposed devices on DKA’s network, leaving the initial intrusion vector unconfirmed. Industry estimates that 70-80% of breaches originate from exposed remote desktop services suggested possible entry through unprotected RDP servers, with phishing campaigns as the other likely candidate. Dussmann Group’s public response, communicated by Head of Corporate Communications Michaela Mehls, emphasized transparency in disclosing the subsidiary-specific breach while avoiding detail on operational impacts beyond the server shutdowns and legal notifications. The incident exposed proprietary and operational documents from DKA’s systems but did not directly compromise parent company infrastructure. No further disclosures regarding ransom negotiations, financial losses, or long-term remediation efforts were confirmed in available reports.
