Companies in the logistics industry are still being hacked. There have been several major hacks in the past years. In most cases, these were ransomware attacks. What is ransomware?
Ransomware is a type of malware from cryptovirology that threatens to publish the victim’s personal data or permanently block access to it unless a ransom is paid off. While some simple ransomware may lock the system without damaging any files, more advanced malware uses a technique called cryptoviral extortion. It encrypts the victim’s files, making them inaccessible, and demands a ransom payment to decrypt them.Wikipedia
- Shipping companies: Maersk was hit by a ransomware attack in 2017, COSCO in 2018, MSC and CMA CGM in 2020. In 2021 Royal Dirkzwager, a company supplying information on ship movements to more than 800 organizations was hacked and data was stolen.
- Logistics Service providers: In 2021 Total Quality Logistics, TFI International, Daseke, and Forward air were hacked, and last year Expeditors was hit.
- Post and parcel companies: In 2022 Yodel was hacked and the most recent one, at the start of this year, was Royal Mail in the United Kingdom
To Negotiate or Not to Negotiate, That is the Question
When confidential data is stolen, or when you are locked out of your systems, negotiating with hackers may be the only way out. There are companies specialising in these types of negotiations. They can also advise you on the gravity of your situation.
When you are locked out of your systems, how heavily have the hackers encrypted your systems? Is it possible to hack back? When this is not possible it is key to try and lower the amount of ransom that needs to be paid. Payment usually needs to be done with cryptocurrency, so it is next to impossible to track where the money has gone. The riskiest part of negotiating with hackers is whether you can trust them or not. When you transfer crypto currency you have to trust them to send you the key to unlock your files and systems.
A recent example of a company that refused to pay a ransom is Royal Mail. A hacker gang called LockBit was able to gain access to Royal Mail’s systems and lock them. The company refused to pay the ransom of $80 million the hackers were demanding. This happened in January, and since then Royal Mail has experienced several disruptions in service as a result of these hacks.
What logistics companies can do to guard against hackers
Systems and software: ensure your systems and software are always up to date.
People: make sure your people are aware of the risks and what they can do to minimise the chances of a cyber attack. Training and awareness are essential.
Strong security measures: ensure your employees use two-factor authentication and have strong passwords. Encrypt essential data, so it is useless in the event it gets stolen.
In a recent episode of the Does Logistics Matter? Podcast I had a conversation with Frank Breedijk, Chief Information Security Officer at Schuberg Philis, about cyber security, the impact of hacking on the logistics industry, what companies can do to revent it, but also what they can do when they do get hacked. You can listen to it through the player below, or in your favorite podcast app.