October 15, 2020

Time is of the essence after ransomware attack


Logistics companies have done what they can to protect their employees from COVID-19, but has this shifted focus away from safeguarding other areas of operation? With many workforces continuing to work away from the office, company data may be at a higher risk of a ransomware attack.

If you’re unfamiliar with ransomware, consider yourself lucky. Ransomware is a form of malware that encrypts a victim’s files. Attackers usually hold company information hostage and demand victims pay a ransom in order to regain access and control of their data. In the transportation sector, hackers can shut down a fleet’s transportation management system (TMS), divert cargo from its destination or compromise sensitive trade secrets.

Understand that just because your company is small doesn’t mean that you aren’t on a criminal’s radar. Not a single company is immune. In 2019, it was estimated that 966 government agencies, health care providers and schools spent around $7.5 billion in costs related to cyberattacks, as reported earlier by FreightWaves.

Ransomware attacks on supply chain companies have been on the rise in recent months. The latest incident came last Friday as Daseke, the largest flatbed carrier in the U.S., became the victim of a large-scale cyberattack.

In last week’s attack, Daseke had thousands of internal files leaked to the dark web, including trip reports from truck drivers containing personal information. The culprits appear to be the Conti ransomware gang, which is allegedly responsible for previous attacks on other supply chain companies, including Manitoulin Transport, Axxess International and Beler Holdings.

Other sectors in the transportation industry have also been targets. Among a handful of container shipping companies targeted this year, CMA CGM, the world’s fourth-largest container shipping line, also fell victim to a ransomware attack in late September. The cyberattacker, “Ragnar Locker,” demanded CMA CGM pay a ransom in exchange for a decryption key to regain access to its files.

A sensitive information leak can lead to serious repercussions for every stakeholder in the company, including your clients. The last thing a customer wants to hear is that their personal information was compromised under your supervision.

So what should you do if you find yourself a ransomware victim? For starters, understand that time is of the essence. Jamie Cannon, Reliance Partners’ vice president of third-party logistics (3PL), stated that the average time it takes to recover from a ransomware attack and regain operational ability is 33 hours. During this time frame, she asserts that your first priority must be to isolate the extent of the attack.

“Companies should assess the situation first to determine the extent of the attack and what’s been compromised in order to clearly notify customers of the situation,” Cannon said.

To curb the spread of the attack, Cannon recommends companies notify all employees of the attack and provide subsequent instructions for containing and isolating the situation. Keep in mind that ransomware often locks users out of their systems, making it difficult to assess the situation and locate the source of the attack. For this reason, companies are advised to disconnect all devices from the company network to reduce the chance that the attacker gains access to a greater number of files.

But criminals aren’t as interested in your data as they are in your wallet. Ultimately, the goal of a ransomware attack is to receive payment through extortion. Cannon explained that criminals aim to cripple company systems because inoperability creates desperation. As debilitating as ransomware attacks can be, it’s advised to never pay a ransom.

Cannon explained that even if payment is made, there’s no guarantee that a company will regain its data. Plus, giving in to a hacker’s demand will label you as a known payer and only put your company at risk for another attack.

In addition, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) advises against paying ransoms. OFAC released an advisory on Oct. 1 stating companies that facilitate ransomware payments to cyber actors on behalf of victims, including financial institutions, cyber insurance firms and companies involved in digital forensics and incident response, not only encourage future ransomware payment demands but also may risk violating OFAC regulations.

“There’s only a very small percentage of companies that have seen success after they pay the ransom,” Cannon said. “If in a panic you pay the ransom, then it’s too late to do anything else even from an insurance standpoint.”

It’s best not to panic but instead know who to turn to for help. Cannon advises affected companies to contact local law enforcement and rely on their insurance providers to handle the situation.

Cyber liability insurance generally provides coverage against ransomware attacks as well as other cyber threats and covers most expenses associated with data recovery. With the proper coverage in place, insurance providers will help notify customers and cover public relations expenses as well as forensics, liability and defense costs. Cannon also noted that insurance providers will help restore the personal identities of affected customers, recover compromised data and repair company systems to regain operability.

“An ounce of prevention is worth a pound of cure,” Cannon said.

However, the best strategies are the ones that are implemented beforehand. Cannon urges logistics companies to have a plan as well as a backup plan before an attack occurs. This involves investing in cyber threat monitoring systems and making sure your backup system is secured in addition to educating employees on the deceitful tactics used by cybercriminals.

In fact, ransomware can infiltrate a company simply through the act of opening a suspicious email. Phishing is a common method used by hackers to gain access to company data. For example, an unsuspecting employee may receive an email from their “boss” asking them to review a seemingly innocuous hyperlink or to send sensitive information. All it takes is one person to take the bait to put the entire company at risk.