23 December 2020

Hades ransomware hits US trucking giant Forward Air, causes shipping delays


The US trucking and freight logistics company Forward Air has been targeted in a ransomware attack by a new ransomware group called Hades. The attack has impacted the company's operational and information technology systems and caused shipping delays for customers.

In a Securities and Exchange Commission filing, the company said that the incident took place on December 15, 2020, but did not provide details on who was behind the attack or what ransom the attackers demanded to restore access.

“On December 15, 2020, Forward Air Corporation detected a ransomware incident impacting its operational and information technology systems, which has caused service delays for many of its customers. Promptly upon its detection of the incident, the Company initiated response protocols, launched an investigation and engaged the services of cybersecurity and forensics professionals. The Company has also engaged with the appropriate law enforcement authorities,” Forward Air said.

“Although the company is actively managing this incident, it has caused and may continue to cause a delay in parts of the company’s business and may result in a deferral or loss of revenue as well as incremental costs that may adversely impact the Company’s financial results,” the trucking giant added.

A text file left on Forward Air computers by the hackers suggests that the attack is the work of the Hades ransomware crew, a relatively new player on the ransomware scene. The ransomware note did not name a ransom for restoring access, but instead contained a link to a site on the dark web and instructions for initiating contact with the group.

According to security researchers, the Hades ransomware gang resembles other groups that have extorted companies around the world.

Once it has infected a system, the ransomware creates a ransom note named 'HOW-TO-DECRYPT-[extension].txt', similar to notes used by the REvil ransomware group. The ransom note includes a URL unique to each victim, which leads to a Tor site containing information about the attack and a Tox messenger address for contacting the attackers.
