Cybersecurity Vulnerabilities at Reederei Jungerhans: Lessons from the Ransomware Attack

Incident Date:

May 1, 2024

World map



Cybersecurity Vulnerabilities at Reederei Jungerhans: Lessons from the Ransomware Attack


Reederei Jungerhans


Ra Group


Haren, Germany

, Germany

First Reported

May 1, 2024

Ransomware Attack on Reederei Jungerhans by RA Group

Company Profile

Reederei Jungerhans, officially known as Jüngerhans Maritime Services GmbH & Co. KG, is a prominent German shipping company with a history spanning over 120 years. Based in Haren, Germany, the company specializes in operating a fleet of heavy multipurpose (MPP) ships. Over the years, Reederei Jungerhans has transitioned from traditional ships to modern MPP, container feeder, and heavy lift vessels, positioning itself as a leader in the German shipping industry.

Details of the Ransomware Attack

The RA Group, a ransomware syndicate known for using the leaked Babuk ransomware code, has claimed responsibility for the attack on Reederei Jungerhans. The attack resulted in the exfiltration of approximately 424 GB of sensitive data, including legal and financial documents, customer information, and employee records.

RA Group's Modus Operandi

The group is notorious for its double extortion tactics, where they not only encrypt the victim's files but also threaten to publish the stolen data if their demands are not met. The group uses a variety of infiltration methods, including phishing, exploiting software vulnerabilities, and using stolen remote access credentials. Their ransomware is known for appending the ".GAGUP" extension to encrypted files and for using robust encryption algorithms like curve25519 and eSTREAM cipher hc-128.

Potential Vulnerabilities and Entry Points

While the exact method of infiltration used in the attack on Reederei Jungerhans has not been confirmed, RA Group's known tactics suggest possible vulnerabilities in the company's network security. These could include insufficiently secured remote access points, outdated software systems, or phishing susceptibility among employees.


Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.