Ransomware Attack Targets Global Port Logistics Firm S5 Agency World
A new cybercrime group known as Bert ransomware has claimed responsibility for a data breach at S5 Agency World, a London-based port agency operating in over 360 ports worldwide. The attackers allege they have exfiltrated nearly 140 gigabytes of sensitive company data, which they are now using to pressure the organization into paying a ransom.
The company’s name recently appeared on a dark web leak site used by ransomware gangs to expose victims and coerce ransom payments. Such sites serve as staging areas where attackers leak portions of the stolen data to prove legitimacy and increase negotiation pressure.
Data Sample Appears Authentic, Says Research Team
To support their claim, the attackers posted multiple screenshots that appear to show sensitive internal information. Cybernews researchers analyzed the leaked samples and confirmed that the data appears to be genuine.
The sample includes:
- Internal inspection reports
- Employee COVID-19 vaccination records
- Copies of passports
- Company documents
Although the leaked portion is limited, it suggests that the attackers may possess a much broader range of sensitive materials that could cause serious operational and reputational harm if fully exposed.
Why Maritime Agencies Are Prime Targets
Organizations in the maritime logistics and port services sector are frequent ransomware targets. With shipping delays having the potential to disrupt global supply chains, cybercriminals view these businesses as more likely to pay quickly to avoid downtime.
“Cyberattack-related downtime is not an option for many of these organizations,” the report noted. “Shipping delays can form supply chain bottlenecks and negatively impact clients.”
This pressure makes logistics and maritime firms highly valuable targets for ransomware cartels.
Bert Ransomware: A New but Aggressive Player
Bert ransomware, first observed in April 2025, is a relatively new entrant to the ransomware landscape. Despite its short existence, it has already targeted over a dozen organizations.
According to dark web monitoring tool Ransomlooker, the number of active ransomware gangs surged to 65 groups in Q1 2025. Bert is part of a growing wave of newer gangs that are rapidly gaining ground by using sophisticated malware delivery techniques.
Security researchers have identified Bert’s strategy as relying on legitimate software supply chains to deploy malware. While it has shown early focus on healthcare and tech sectors, its recent pivot to maritime logistics shows its growing adaptability.
CYFIRMA experts noted that “the gang can evolve into a larger threat as it appears to adapt well to the current cybercrime landscape.”
