A manager at a trucking company shares what it was like to be the victim of a ransomware attack. Here is his story and the lessons other businesses can learn from it.
It was a Monday morning that George won’t soon forget. Around 6 am, an employee notified him about the problems he was having with his computer. When George investigated, he got a big surprise. The computer had been infected with ransomware.
George recently shared his experience with ransomware on FreightWaves to help other trucking companies realize how dangerous these attacks can be. However, any type of business can gain valuable insights from his account. Although “George” is a pseudonym, his story is real.
George manages a small trucking and logistics company that is located in a small town in the United States. George assumed that the business would not be an attractive target for ransomware gangs because of its size and location. He was wrong.
While it is not yet known how the ransomware gang initially accessed and infected the company’s computers, what happened next is hard for George to forget. After the ransomware disabled the security software, it encrypted the files on the company’s server and on other computers that were not powered down over the weekend. The ransom note left on the infected machines indicated that the company had to pay $300,000 to get the key to decrypt the files.
Through the company’s insurance carrier, George explored the possibility of negotiating a smaller ransom with the gang. George was told that the ransom could potentially be reduced by about 40%, which would mean paying $180,000 to get the decryption key.
The business decided not to pay the ransom for two main reasons. First and foremost, it had recent backups of its files and systems, so it did not need the decryption key to get its files back. Second, the company was not using trucking dispatch software to keep track of customers’ workloads. Instead, George manually tracked workloads on a paper-based spreadsheet, so this information was not encrypted by the ransomware.
Since the trucking company had not given in to the gang members’ demands, they upped the ante. To further pressure the business into paying the ransom, the gang members sent emails threatening to publicly expose some data they had stolen before encrypting the company’s files. As proof of the breach, the emails included samples of stolen data as well as screenshots from within the business’s transportation management system software.
While the threat of a data leak worried George, finding out that the gang members had infiltrated the company’s transportation management system software was more troublesome. It meant that they could potentially sabotage trucking operations.
Despite the data-leak threat, the trucking company still refused to pay the ransom. In response, the gang carried out its threat and posted the stolen data on the dark web.
The trucking company has notified its customers about the data breach. George and many other employees are hoping that it won’t result in any lost business. The company has also significantly stepped up its security efforts to prevent future attacks.
There are two important takeaways from the trucking company’s ransomware attack:
- Businesses should not erroneously assume they are too small to be targeted by ransomware gangs. Small businesses are typically easy targets because they often do not have the resources to implement comprehensive security systems. Plus, there are far more small businesses to attack than large ones. Rather than spending a lot of time and effort going after the large fruit at the top, ransomware gangs often target the smaller, low-hanging fruit because it is plentiful and easier to pick.
- Ransomware gangs are increasingly stealing data before encrypting it to further pressure companies into paying the ransom. If a business refuses to pay up, the gang threatens to publicly post the stolen data. This might pressure some companies into paying the ransom if they are concerned about customers, suppliers, and other groups finding out about the attack, especially if the stolen data includes personal information.
The bottom line is that, no matter their size, companies need to take the threat of ransomware seriously. Having comprehensive security systems in place to prevent ransomware attacks (and associated data breaches) is the best way to avoid becoming the next victim.