Ransomware group claims attack on global maritime firm S5 Agency World

S5 Agency World, a global maritime logistics firm operating in more than 360 ports worldwide, has reportedly fallen victim to a ransomware attack attributed to the emerging Bert ransomware group. The attackers claim to have exfiltrated nearly 140 gigabytes of sensitive corporate data and have published samples on a dark web leak site to pressure the company into meeting their ransom demands.

The cybercriminals posted S5 Agency World’s name alongside data samples, including internal documents, inspection reports, employee vaccination records, passport copies, and other corporate materials. Researchers at Cybernews who examined the leaked samples confirmed their authenticity, although the released data represents only a fraction of the total allegedly stolen.

Headquartered in London, S5 Agency World plays a critical role in maritime logistics, acting as a local representative for shipping companies during port operations. Due to their central role in global shipping and supply chain continuity, companies like S5 are high-value targets for ransomware groups. Downtime caused by a cyberattack could disrupt port operations, delay cargo deliveries, and have cascading effects on global trade.

The ransomware group responsible for this attack, Bert, is a relatively new entrant to the cybercrime ecosystem. First identified in April 2025, Bert has quickly gained notoriety for its aggressive tactics and rapid operational growth. In just a few months, the group has targeted at least a dozen organizations, primarily in the healthcare and technology sectors, according to threat intelligence collected by CYFIRMA and tracked through Cybernews’ Ransomlooker platform.

Bert’s tactics reportedly include malware delivery through legitimate software supply chains, a method that increases the chance of successful infiltration by exploiting trusted vendor relationships. Cybersecurity analysts suggest that Bert’s adaptability and technical proficiency could position it as a significant threat within the expanding ransomware landscape.

The incident involving S5 Agency World comes amid a marked increase in ransomware activity. Cybernews reports that the number of active ransomware groups surged to 65 during the first quarter of 2025 alone, signaling a broader escalation in cybercrime targeting critical infrastructure and essential service providers.

S5 Agency World has not publicly confirmed the breach or disclosed whether it intends to negotiate with the attackers. The full extent of the impact remains unclear, including whether customer or partner data was affected. The company has also not commented on whether port operations have been disrupted as a result of the attack.