A ransomware gang has posted data stolen from Cardinal Logistics Management, a North Carolina trucking and logistics firm with a fleet of over 3,100 power units specializing in dedicated transportation services.
Cardinal Logistics would not confirm to FreightWaves that it had been targeted in a ransomware attack, calling the incident a “data event.” Private equity firm H.I.G. Capital, Cardinal’s owner since 2019, did not respond to a request for comment.
The data leak appeared on REvil hacking group’s blog on the dark web on Wednesday. The gang claimed its posting amounted to 1% of 700 gigabytes of data including “Financial documents, contracts, NDA, and employee data.” A portion released appears to contain thousands of files, including documents detailing the company’s finances, performance, customer relationships and extensive information about employees.
Ransomware gangs like REvil generally begin leaking data publicly after their victims refuse to pay ransom demands, which can sometimes run in the millions of dollars. The U.S. government and many security experts advise companies to refuse to pay.
Cardinal Logistics did not address a series of questions about the data leak and apparent ransomware attack, including whether it impacted its trucking operations. The company specializes in providing dedicated contract trucking services across multiple sectors, including health care.
“Cardinal Logistics Management Corporation was recently effected [sic] by a data event, which based on information currently available resulted in less than 1% of Cardinal’s data being impacted,” the company said in a statement to FreightWaves. “We continue to investigate this matter.”
Transportation and logistics firms ‘disproportionately affected’ by ransomware attacks
Brett Callow, a threat analyst with Emsisoft who closely monitors ransomware attacks, said groups like REvil generally steal more data than they initially publish, while companies themselves often don’t know the extent of the breach until a forensic examination is completed.
“I have never known a case where a ransomware group has completely bluffed,” Callow said.
Cardinal is just the latest in a growing number of companies in the supply chain targeted by ransomware gangs that infiltrate company systems, steal and encrypt data, and then extort the victims.
“Logistics companies do seem to be getting disproportionately affected by ransomware,” Callow said.
Another ransomware gang, Clop, recently posted data from Canadian fuel supplier Parkland Fuel Corp. and Allstate Peterbilt Group, a major Peterbilt truck dealership group based in Minnesota.
Since the summer, hackers have targeted an array of companies serving the global supply chain. The victims include Daseke, Manitoulin Transport, TFI International and CMA CGM.