The call came in around 2 am on April 9, 2019. Hackers had attacked the computer network at J&M Tank Lines Inc, and they were demanding a $350,000 ransom to be paid in Bitcoin in exchange for releasing control of the system.
That was the beginning of a two-week struggle by the Birmingham, Alabama-based tank truck carrier to defeat the ransomware attack and regain control of the network. It was a tough and expensive fight to defeat the attack and purge the ransomware virus from the system.
By 5:30 am that Tuesday, April 9, IT personnel at J&M Tank Lines had regained control of the company’s computers, internet, and email. By 8:30 am, the carrier had reported the incident to the Federal Bureau of Investigation.
There was still damage to fix to get the system fully back online. The constant backup system had been fried, and J&M Tank Lines couldn’t process paychecks that were due at the end of the week, or invoice customers.
“We finally had to use an older batch backup and pay drivers from the previous week’s settlements,” says Harold Sumerford Jr, chairman of J&M Tank Lines. “We had to back-load a week’s worth of data, and we found problems with one of our backup systems. Then, 60 days from the initial attack, our system crashed again. The hackers had installed a shut-down switch.
“In addition to the FBI, we brought in three groups of consultants to study the event and build a recovery strategy. They went through 2 billion lines of data to clear out the Ryuk virus. We found that the hackers had been in our system for months after finding a backdoor that we had missed. The hackers were determined to be North Koreans and rumored to be sponsored by North Korea’s leadership.”
More security
J&M Tank Lines took a number of steps to protect its data and computer networks going forward. A sophisticated system was installed to track activity throughout the operation. Upgraded security procedures for online activity were adopted for everyone in the company. KnowBe4 cybersecurity training is mandatory for all employees. The management team is looking at taking systems such as the general ledger offline.
“We’re proud to say that we prevailed without paying the ransom,” Sumerford Jr says. “Still, it was a costly event. We’ve heard that upwards of 60% of the operations that get hit with these attacks never fully recover. We’ve learned that trucking is now in the top 10 industries targeted by hackers.”
Jane Jazrawy, chief executive officer of CarriersEdge, echoes Sumerford’s warning that the trucking industry has become a key target for hackers. “Unfortunate as it is, the trucking industry has a bullseye on its chest,” she says. “And now with COVID-19, many hackers are hoping guards will be let down. Scams revolving around loans and all things COVID are rampant. It’s building on an already serious problem.”
She adds that various reports over the last two years estimate that transportation has moved up to the top five of industries most susceptible to experiencing a cyberattack. And small trucking companies tend to be the biggest targets for ransomware attacks because they lack sophisticated protections and, as a result, are more likely to pay hackers who disable their computer systems.
“If you’re hit, the hacker has probably already been ‘in’ for a while,” Jazrawy says. “They can check your financials and see what you can afford to pay.”
More attacks
According to the Identity Theft Resource Center, there were more than 1,200 data breaches reported in 2018 that exposed more than 445 million records. And the average cost to clean it up? About $3.77 million for a data breach in the transportation industry, according to a recent study sponsored by IBM. It cost one shipping giant an estimated $300 million in its ransomware attack.
If that caught your attention, it should, according to Jazrawy. It’s more important than ever for companies to properly protect their information from damage, theft, and destruction. Ensuring proper cybersecurity is becoming an increasingly complex task as information continuously flows between people, devices, servers, and networks.
While companies can protect themselves using hardware and software solutions, the biggest threat to a company’s data is a criminal attack from either a malicious insider or an external hacker.
Hackers are the con artists of the 21st century. They use psychological tactics (known as social engineering) to trick you into granting them access to your sensitive information. Unfortunately, even with software protections in place, all it takes is one password falling into the wrong hands to wreak havoc in an organization. And since we’re all connected, everyone in the company, from drivers to office staff to management and executives, has a role to play in keeping data out of the hands of cybercriminals.
Here’s what Jazrawy says fleets can do to safeguard their operations:
1. Guard the treasure.
Hackers can access information both physically and remotely. It’s important to take proper precautions to keep them out of both a facility and computer systems.
Prevent hackers from remotely accessing systems by establishing a firewall, running anti-malware programs across all devices, and using a virtual private network to secure an internet connection. Make sure network folders have appropriate security settings. These act as fortress walls to keep intruders out.
Don’t underestimate the power of the password. Create strong, unique passwords or passphrases for every account and device, keep track of them using a trusted password manager and choose to enable two-factor authentication whenever possible.
Remember that data can be stored in multiple places. Always back up information in case of loss or damage and be sure to securely destroy all copies of sensitive material when it is no longer needed.
Don’t forget to lock up the office. Safely store hard copies in a locked filing cabinet, ensure employees require appropriate identification to gain access to restricted areas, and always set devices to auto-lock after a period of inactivity.
2. Think before clicking.
Hackers try to manipulate people into clicking on malicious links or downloading attachments in emails or on websites that contain malware which can damage, destroy or steal data.
Hackers also play upon human emotions like fear and greed to get people to enter sensitive account information. For example, a hacker might send an email urging someone to confirm their login details to prevent their account from being deactivated within 24 hours. Or, they might “bait” a victim into doing so by offering a bogus reward or prize.
Before clicking on a link or responding to such an email with personal information, take a second to look at the email address of the sender to see if it is legitimate and hover the cursor over any hyperlinks to display the full web address. If it looks suspicious, it probably is.
Before clicking “send” on an email, make sure to encrypt and password-protect any sensitive information and never send credit card information over email.
3. Risk sounding rude.
Hackers often impersonate other people and take advantage of social norms and niceties to do so. They may pretend to be an employee or an external service provider in order to gain access to information at a company.
Hackers are able to get away with this because people are often too nice to ask for identification or don’t want to risk sounding rude or foolish by doubting the authenticity of a visitor’s request. Usually, the imposter will have gathered enough information to make their visit or request sound legitimate.
Even if it may feel uncomfortable doing so, abide by the company’s visitor policy by politely asking anyone unfamiliar for their identification and escorting any unauthorized visitors to the front desk to obtain proper identification. Similarly, don’t be afraid to verify the request of anyone asking for information or seeking access to a facility or accounts by confirming with a supervisor that permission has been granted.
Criminals often impersonate CEOs and other high-level executives by hacking into their business email accounts, which they use to send requests to employees in order to obtain sensitive information, like customer billing information. If there’s any doubt about the legitimacy of a message, always contact the sender using a separate means of communication. Even if the request is genuine, caution is welcomed.
4. Sharing is not caring.
Social media accounts can be a gold mine of useful information for hackers. Even seemingly harmless information can be used as part of a larger scheme. Be cautious about what is shared and check settings to limit who can see accounts and posts. Never post personal or corporate information on social media and be wary of what information might be revealed in the background of photos.
Sometimes people share information without even knowing it. Take the time to check app permissions and disable location services on devices and social media accounts. Location services is a setting that automatically tags photos and posts with a user’s current location. This is especially important for drivers as it lets criminals know where to find them and their freight.
Be selective and careful when giving out an email address and only give it to known and trusted sources, as an email address can become a target for spam and other malicious email.
Remember that public Wi-Fi is, in fact, public. Hackers can easily “eavesdrop” on open networks and gain access to information shared over the network. Avoid logging into any personal accounts over unsecured Wi-Fi.
5. Keep it up to date.
Software companies put out updates or security patches because they have identified a vulnerability in their system. By postponing updates, users essentially are leaving the door to their system or device open to hackers.
Keep the email filter up to date by flagging any unsolicited messages as spam/junk when they’re received. This will help limit the number of unsolicited and potentially harmful emails received.
As technology evolves, so should a company’s policies and procedures for cybersecurity.
All told, it’s better to be safe than sorry. Be diligent in efforts to keep an attack-free environment. And train drivers so they, too, know what to look for. By working together, everyone can help ensure their company won’t end up being the one others are talking about at a cybersecurity conference.