Transportation (Includes Logisitcs, Shipping, Maritime, Rail, Trucking)

February 20, 2022: Global Freight Forwarding Company, Expeditors Intl., hit by Ransomware Attack.

Seattle-based logistics giant Expeditors International said it had shut down most of its operating systems in response to a cyberattack disclosed Sunday, raising fears of further stress on already fragile global supply chains, reported the WSJ. Speculation has focused on the possibility that hackers froze the systems for ransom, but Expeditors has not described the exact nature of the attack. In a statement, the freight-forwarding company said it currently has a “limited ability” to conduct operations, including arranging freight shipments and managing customs and distribution activities.
The company expects the cyberattack will have a material adverse impact on its business, revenues, expenses, results of operations, cash flows and reputation.

August 5, 2022: Supply Chain Cyberattack Closes Ontario Cannabis Retail Corporation (OCS) Warehouse for Days.

Ontario Cannabis Store (OCS) said on August 9 it still can’t fulfill or deliver new orders after a cyber incident at the U.S. parent company of its distribution partner, Domain Logistics. As a result of the incident OCS has had to close its warehouse. The OCS says there is “currently no indication that OCS systems or its customers’ information was targeted or compromised as a result of this attack.”

Legacy Supply Chain - U.S. parent company of Domain Logistics - detected unusual activity on its network on August 5th. The IT network and a number of applications were taken offline "impacting order processing for a small number of Legacy customers".

December 9, 2021: Ransomware Attack at German Supply Chain & Logistics Giant

A cyberattack forced Hellman Logistics to temporarily remove all connections to their central data center. The company said the shut down was having a "material impact" on their business operations. "Operations will be restored step by step, with the security and integrity of the systems as the top priority."

BleepingComputer reported last week that ransomware group RansomEXX has claimed responsibility for the attack. After negotiations with Hellmann fell apart, the group published 70.64 GB of stolen documents on their leak site that included business agreements, intra-company emails, and more, the outlet explained. They added that the leaks explained the increase in scam calls.

May 24, 2022: SpiceJet’s (Low Cost Airline in India) Systems and Operations impacted by Ransomware Attack

Low-cost Indian airline SpiceJet has informed its customers today of an attempted ransomware attack that has impacted some of its systems and caused delays on flight departures. According to the announcement published on the airline's social media channels, its IT team managed to thwart the attack, so everything is back to normal operational status. However, multiple customer reports on Twitter and Facebook still reflect ongoing problems, highlighting flight delays, saying that customer service via phone is unreachable, and the bookings system remains unavailable. BleepingComputer confirmed at the time of writing that only the homepage of SpiceJet was working, while most underlying systems and webpages failed to load.

In 2021, SpiceJet went through severe financial trouble result of grounding its fleet due to COVID-19 restrictions. It is easy to assume that this dire financial situation didn't leave much margin for investing in cybersecurity and incident response, which might be what allowed the ransomware actors in this case to launch a successful attack. (reports - link below)

July 14, 2021: 600 Ticketing Kiosks Offline with Ransomware Attack at Northern Train.

A ransomware attack at publicly owned rail operator Northern Trains left self-service ticketing booths offline. Customers were able to continue purchasing tickets with cell phone apps, in physical ticketing booths and on the website.

"This is the subject of an ongoing investigation with our supplier, but indications are that the ticket machine service has been subject to a ransomware cyberattack. Working with the supplier, we took swift action and the incident has only affected the servers which operate the ticket machines. Customer and payment data has not been compromised." A representative for Northern Trains referred further questions on to Flowbird Transport, which provides the ticketing system in question, telling us "it's their system that's been affected."

October 28, 2021: Toronto Transit Commission Systems Down After Ransomware Hit

The Toronto Transit Commission's Wheel-Trans online booking portal, trip-planning apps and other communications systems down after the transit agency was hit by a ransomware attack. The TTC first learned about the hack Thursday night when an IT employee found “unusual network activity." The TTC said the attack was initially “minimal” but then became progressively worse by mid-Friday. TTC resorted to emergency radio communications backup system to maintain communication with vehicle operators. Online ride booking service was also disrupted, but passengers could still book rides by telephone.

TTC continues to investigate ransomware attack

October 31, 2021: Ransomware Attack at Maritime IT Company Danaos Propagated to Greek Shipping Companies

Several Greek shipping companies fell victim to a cyber attack on Halloween over the weekend, resulting in the loss of important files. The companies affected used the communication systems of Danaos Management Consultants and came in direct contact with the company. Reportedly, the cyber attack blocked their communication with ships, suppliers, agents, charterers and supplies, while at the same time the files with their correspondence were lost.

Danaos Management Consultants sent instructions to its customers, asking them among other things to back up critical files to external hard drives. Danaos is among the oldest maritime IT companies and could face litigation.

December 9, 2021: Cyberattack Shut Down Oahu Transit Services

Oahu Transit Services suffered a cyberattack causing a “mass disabling of online servers” for TheBus and TheHandi-Van systems. City officials said they are working with the FBI, the Secret Service, and Honolulu police as those agencies investigate.

The cyberattack on Oahu’s bus system “has the trappings” of being a ransomware attack, according to Roger Morton, director of the Department of Transportation Services, although it is still being investigated. Morton said that to his knowledge, no personal information from TheBus or TheHandi-Van riders using the HOLO card has been compromised. “The HOLO card information that we do have is contained in a city server, not an OTS (Oahu Transit Services) server, and there’s no evidence that there has been any intrusion into the city system,” he said.

Unable to access, view, or print the day’s customer reservations, OTS fell back to schedule reservations manually urging customers to call for same day reservations starting from 5:00am.

July 2, 2021: Iran’s Rail Service Delayed with Fake Messages

Iran's railroad system came under cyberattack on July 2, a semi-official news agency reported, with hackers posting fake messages about train delays or cancellations on display boards at stations across the country.
The hackers posted messages such as “long delayed because of cyberattack" or “canceled" on the boards. They also urged passengers to call for information, listing the phone number of the office of the country’s supreme leader, Ayatollah Ali Khamenei. Israeli cybersecurity firm Check Point attributed the train attack to a group of hackers that called themselves Indra, after the Hindu god of war.

February 3, 2022: Ransomware Attack at Swiss Airport Services Firm

Swissport, the world’s largest airport ground services and cargo handling company, fell victim to a ransomware attack.
The Zurich-based firm said it spotted the hack early on Feb. 3 to contain potential damage to its IT systems. Some flights were delayed at Zurich airport and passengers are being warned of further potential disruption.
Swissport’s website was forced offline by the cyberattack and the company said some services had been affected for passengers and freight.

Pin It on Pinterest

Scroll to Top