Daseke Inc. (NASDAQ: DSKE), the largest flatbed trucking company in the U.S., said on Friday that a recent cyberattack had targeted one of its operating companies after a ransomware group claimed it had stolen data from subsidiary E.W. Wylie.
Daseke offered few details about the incident but said in a statement to FreightWaves, “an unauthorized third party attempted to gain access to select servers” but did not impact operations.
“Upon discovering the potential incident, we took immediate action to stop the attack and remediate our systems,” Daseke said in the statement. “We promptly launched an internal investigation with the assistance of third-party cybersecurity partners to determine the scope of the incident and any potential impacts, and that investigation is ongoing.
Daseke disclosed the cyberattack after the Conti ransomware group posted files to the dark web, which it claimed had been taken from E.W. Wylie, one of Daseke’s carriers. The data posted by Conti appears to be from another company.
Daseke is the midst of a turnaround aimed at improving profitability and reducing debt. As part of its restructuring, the flatbed carrier has reduced its tractor count and consolidated its operating companies.
The company did not specifically address questions by FreightWaves about whether E.W. Wylie had been the target of a ransomware attack and whether it impacted the larger company.
Wave of ransomware attacks on the supply chain
In recent months, multiple ransomware attacks have targeted companies in the supply chain, including truckload carriers, customs brokers and logistics providers. An attack on French shipping giant CMA CGM on Monday led to a network outage.
“For some reason, supply chain companies are being disproportionately affected,” Brett Callow, a threat analyst with Emsisoft, told FreightWaves. “It could just be that they have crappier than average security.
Conti has successfully targeted other companies in the supply chain. It recently posted data stolen from Manitoulin Transport, one of Canada’s trucking companies.
Manitoulin had been targeted by Conti in July. The company ultimately decided not to pay the hacking group after concluding that it did not steal enough information to justify paying a ransom.
Unless the attacks are disrupted, the hackers will lock out systems and encrypt data, and then attempt to extort the victims by demanding payment in exchange for restoring access and increasingly a promise not to disclose the data.
Groups like Conti typically begin releasing data publicly only after companies refuse to pay a ransom. The leaks tend to be piecemeal.
It remains unclear what happened in the case of Daseke and E.W. Wylie. Callow speculated that Conti’s leak of data with no apparent connection to the company could have been intentional.
“I suspect that it may be a deliberate tactic,” he said. “The groups start losing negotiating power as soon as they publish data — and the more they publish, the more they lose. That, of course, is simply speculation. It could also be a simple error.”