[Security Weekly] Logistics Giant Forward Air Hit by Newly Emerged Hades Ransomware
4th Week of December 2020
1. Logistics giant Forward Air hit by newly emerged Hades ransomware
Forward Air, a US-based logistics company that specializes in providing less-than-truckload (LTL) services to North American customers and cargo airlines, was hit by the Hades ransomware, a ransomware group that recently became active.
The attack hit Forward Air on December 18, forcing the company to shut down both its IT and OT (operational technology) systems to slow the spread of the ransomware. The official website was down and all its freight forwarders were unable to communicate with the control center. This caused significant shipping delays. Because the attack took place at the peak of the holiday shopping season, customers and airlines find it hard to look for alternative firms with left capacity.
On December 21, the company publicly confirmed that it was hit by ransomware via a filing with the Security and Exchange Commission (SEC), expecting to lose revenue as a result.
Operators of the Hades ransomware left a text document on Forward Air’s computers claiming responsibility for the attack and threatened the company to follow their instructions if it wanted to get its data back. The Hades ransomware is a new ransomware strain that only became active in late 2020, making this one of the first reported attacks conducted by the ransomware group.
2. UK energy supplier People’s Energy suffers data breach of entire customer database
People’s Energy, a Scottish-based energy company that serves 100% renewable energy to the UK, suffered a cyberattack that compromised its entire customer database consisting of both current and past customers.
After detecting the attack on December 17, People’s Energy immediately shut down its IT systems to prevent any further unauthorized access. Unfortunately, the hackers had already accessed its entire database containing over 270,000 customers. Leaked data included personally identifiable information (PII) like names, dates of birth, home addresses, phone numbers, People’s Energy account numbers, tariff information, and gas and electricity meter IDs. The breach also compromised the financial information of 15 small business customers.
The company had notified all its customers, and shared the details with the UK’s Information Commissioner’s Office (ICO) and National Cyber Security Center (NCSC). It is now working with cybersecurity experts to investigate the cause of the intrusion.
3. Flavour developer Symrise attacked by Clop ransomware, 500 GB of data stolen
Symrise AG, a German-based firm that designs and produces flavours and fragrances, suffered a double-extortion attack by operators of the Clop ransomware, who stole sensitive data before encrypting its systems. Symrise is a major player in the industry, designing flavours and fragrances for customers worldwide including Coca-Cola and Nestle.
In mid-December, German media reported that Symrise suffered a cyberattack that forced it to shut down its crucial IT systems. The Clop ransomware group later claimed responsibility for the attack, stating that it had stolen 500 GB of sensitive data from the company’s servers before encrypting over 1,000 devices.
Screenshots of the leaked data were posted on Clop ransomware’s official leak site. According to the screenshots, compromised data included accounting and auditing documents, confidential information of flavour and fragrance ingredients, as well as personally identifiable information (PII) of employees such as passport scans.
To learn about Penta Security’s advice on how to prevent a double-extortion ransomware attack, read: How to Defend Against Double Extortion Ransomware Attacks.
Source: Bleeping Computer
Check out Penta Security’s product lines:
Web Application Firewall: WAPPLES
Database Encryption: D’Amo
Identity and Access Management: ISign+
Car, Energy, Factory, City Solutions: Penta IoT Security