REvil Ransomware Operators Targets Universal Logistics Holdings, a Well-Known Multi-Faceted Logistics Provider – Data Leak

The REvil ransomware operators add another breach to their list. In this instance, they struck Universal Logistics Inc and downloaded their sensitive and highly confidential documents from the company’s database.

Founded in the year 2007, Universal Logistics Inc is a multi-faceted logistics provider with the capability to service all of your transportation requirements from ocean freight, airfreight and air courier to trucking services, customs brokerage, warehousing and distribution. Given the opportunity, Universal Logistics can help the companies achieve significant savings while maintaining, if not improving, their service experience in all aspects of the user’s logistics needs. At Universal Logistics, they have identified that there exists a tremendous need for a reliable company that can handle shipments in a cost-effective and professional manner. Universal Logistics was born under this vision to provide dedicated service organizations such as yours the service that you deserve to receive. Their firm is built on a foundation of customer service and support. This is reflected in their dedicated, 24-hour service (7 days a week). In addition, Universal Logistics’s wide-ranging clientele includes the following business sectors: aerospace; banking; entertainment; technology; computer; electronics; health; and insurance. They are proud to say that Universal Logistics repeatedly gets rave reviews from all of their clients because we are willing to go that extra mile for them.

As per now, the ransomware operators have posted a sample of files and data of the company being downloaded by them. As per the Cyble Research Team, this small data leak from the large lot (around 500 GB) seems to be a warning for the company to accept the terms of the ransomware operators. Unfortunately, if the terms are not being accepted by the Universal Logistics Inc, then the REvil ransomware operators seem to leak a large lot of sensitive data of the company. Below is the snapshot of the message and the list of files being posted by REvil ransomware operators. The ransomware operators have posted a list of files highly sensitive and confidential files and data of the company. Cyble’s researches have examined this data leak which includes corporate operational data such as Non-Disclosure Agreements, Invoices, Drug Tests, Personal Data, and many more.

Below is the snapshot of the message and the list of files being posted by REvil ransomware operators.

We recommend people to:

  • Never share personal information, including financial
    information over the phone, email or SMSs
  • Use strong passwords and enforce multi-factor
    authentication where possible
  • Regularly monitor your financial transaction, if you
    notice any suspicious transaction, contact your bank immediately.
  • Turn-on automatic software update feature on your
    computer, mobile and other connected devices where possible and pragmatic
  • Use a reputed anti-virus and internet security software
    package on your connected devices including PC, Laptop, Mobile

People who are concerned about
their exposure in darkweb can register at to ascertain their

About Cyble:

Cyble is a US-based cyber threat
intelligence company with the express mission to provide organizations with
real-time views of their supply chain cyber threats and risks.




Scroll to Top