Hackers hit the trucking and logistics industry hard in 2020. Many of the cyberattacks involved ransomware — essentially a vehicle for extortion.
Ransomware attacks aim to cause as much operational disruption as possible by encrypting data. Hackers then demand victims pay to restore access. Increasingly, so-called double extortion ransomware attacks are leveraging data theft and the threat of public release — or sale — of the data.
Ransoms can run in the millions of dollars. The attacks often never become public, particularly when companies opt to pay. Frequently, companies that heed law enforcement advice and refuse to pay are left dealing with the fallout of extensive disclosures of data.
FreightWaves reported on an array of ransomware and other cyberattacks during the year. They included companies with thousands of trucks and others with just a handful. Here are five of the most important ones.
5. Total Quality Logistics: Breach exposes partner carriers
Mystery still shrouds what happened at freight brokerage Total Quality Logistics in February. The Cincinnati-based company said hackers had breached its IT system and compromised sensitive information of some carriers. The breach even led to a carrier lawsuit alleging negligence in the hacking incident. The company insisted that the attack did not involve ransomware or malware of any kind. Regardless of what was behind the hack, TQL offers a cautionary tale about the potential repercussions of cyberattacks beyond the company itself.
4. TFI International: The high price of not paying after ransomware attack
An August ransomware attack targeted TFI International, one of the largest trucking and logistics companies in North America. While the attack itself appears to have impacted only TFI’s Canada parcel and courier subsidiaries, including Canpar, the impacts are staggering. The subsidiaries resorted to manual sorting. The attack ended up costing TFI about $6 million in quarterly operating revenue. It appears that the company did not pay the attackers, who responded by leaking internal data to the dark web.
3. Daseke: Truckers’ personal information exposed after cyberattack
The August ransomware attack on Daseke, the largest flatbed trucking company in the U.S., did not appear to result in the operational disruption seen at Forward Air. But the Conti ransomware gang stole a significant amount of data from subsidiary E.W. Wylie and posted it to the dark web, in an apparent response to the company refusing to pay the ransom. Troublingly, it included extensive personal data on current and former truck drivers. According to the company’s last quarterly financial report, the attack did not result in any material loss.
2. Forward Air: ‘Hades’ ransomware gang brings multimodal disruption
The Tennessee-based trucking and logistics company was targeted by a new and relatively unknown ransomware gang called Hades in December. The attack directly or indirectly led to widespread disruptions across Forward Air’s public-facing and internal operations systems. For days, customers weren’t able to book loads. While Forward is far from the largest trucking and logistics firm in the U.S., it provides an essential link to airlines’ cargo operations and has no peer that was immediately able to pick up the slack. While the company appears to be well on its way to normal operations, it remains to be seen whether Hades successfully stole data and how it might leverage it. Reached by FreightWaves, the hacking group declined to discuss the Forward attack but was eager to discuss leaks of data in other industries.
1. CMA CGM: An attack felt globally
The September ransomware attack on France-based shipping giant and CEVA Logistics owner CMA CGM offered a very public glimpse of what hackers can do in the supply chain. The attack was first detected in a shipping subsidiary, but the company ultimately disabled all of its core IT systems in response. Most of the disruption happened with e-commerce operations. Some functions were down for two weeks, but the impacts reflected the global scope of the company. In November, CMA CGM disclosed that the attack could cost up to $50 million. The Ragnar Locker ransomware reportedly targeted the company, according to Lloyd’s List, but the hackers have yet to publicly release any data.