Cyberattacks have become one of the top risks facing U.S. businesses, and trucking and logistics companies are no exception. Despite the increasing sophistication of these attacks, it’s still tempting to dismiss the threat — to think it’ll never happen to you. But the danger is very real and must be taken seriously by transportation firms of all sizes.
Just ask Bay & Bay Transportation, a trucking and logistics company based in Eagan, Minn.
Its chief information officer, Wade Anderson, shared a harrowing account of a recent ransomware attack against the company and offered advice on how to improve cybersecurity last month at the Transportation Intermediaries Association’s 3PL Technovations conference in Tucson, Ariz.
On July 12, Bay & Bay was hit with a variant of the “I Apologize” ransomware, which locked up the servers and desktop computers the company uses to manage its fleet of 300 trucks and demanded payment to decrypt those critical systems.
Bay & Bay’s IT staff initially attempted to restore its systems, but the process suddenly stopped as an active hacker thwarted their efforts and backup points started disappearing right before their eyes.
From there, Anderson, who was in his first week on the job as Bay & Bay’s CIO, realized the company’s IT department was “outgunned” by the hackers. “They had us by the throat. They really did.”
After consulting with numerous cybersecurity experts, contacting a legal firm and even speaking with the FBI, Bay & Bay decided the best course of action was to pay the ransom.
On July 14, the company made a Bitcoin transfer to the attackers, who then provided the keys to unlock Bay & Bay’s systems. Anderson said the ransom was a five-figure sum, and the company’s total investment in the recovery effort was into six figures, which was partially covered by its insurance.
Bay & Bay was able to recover 98% of its information, Anderson said, and most importantly, forensic analysis showed that none of its data was stolen or transferred off-site.
An investigation afterward determined that the hackers had infiltrated Bay & Bay’s network and staged the attack for 12 hours prior to launching the ransomware, Anderson said.
The hackers were able to gain access through a common firewall opening via a remote desktop protocol, a common account with a guessable name and free-to-download password cracking software.
Since then, Bay & Bay has been working diligently to improve its cyberdefenses, a task that all transportation firms should be pursuing.
Anderson recommended that companies start by immediately reviewing their firewall access control lists, changing all defaults and checking their remote desktop access.
Beyond that, transportation firms should establish and reinforce an information security policy and create a culture of data protectionism.
“Your data is sacred,” Anderson said. “Whether you’re in IT or not, one of our most important jobs is to protect the data of our employees, our customers, our carriers.”
Cybersecurity is a task that is never complete, but companies can significantly lower their risk through investment and employee training.
“You’re never going to be 100% secure,” Anderson said. “A hacker can get into anything. It doesn’t matter how secure you think you are. There’s always a way.”
What’s important, he said, is to make sure that you’re not a “soft target,” so hackers will move on to easier marks.
In the end, Bay & Bay’s horror story did have a silver lining.
“We learned a lot,” Anderson said. “We used it as a catalyst to make ourselves better, stronger.”
Since Bay & Bay had the courage to talk about its experience publicly, hopefully it also can serve as a wakeup call for the industry at large.
Transportation companies of all types should heed this cautionary tale and take steps to improve their stance on cybersecurity before they encounter a similar nightmare.