Another day, another ransomware attack has made it to the news. This time, the victim firm is a trucking and freight company Forward Air. While the firm hasn’t disclosed much details, reports reveal that Forward Air has suffered a ransomware attack.
Forward Air Ransomware Attack
The American trucking giant Forward Air has become the latest victim of a ransomware attack. The incident surfaced online after the company’s website went down.
Even at the time of writing this article, the site is still down and merely displaying a security notice.
The company has disclosed that it suffered a cyberattack on December 15, 2020. After the incident, they had to pull their systems offline, and that their IT personnel are working for restoration.
However, it has now been a week since the incident, and the firm’s services remain down.
Nonetheless, Forward Air’s recent 8-K Form filing with US Securities and Exchange Commission (SEC) reveals that the company suffered a ransomware attack. As stated in it,
On December 15, 2020, Forward Air Corporation (the “Company”) detected a ransomware incident impacting its operational and information technology systems, which has caused service delays for many of its customers. Promptly upon its detection of the incident, the Company initiated response protocols, launched an investigation and engaged the services of cybersecurity and forensics professionals. The Company has also engaged with the appropriate law enforcement authorities.
According to Bleeping Computer, the firm has fallen prey to a new ransomware Hades.
About Hades Ransomware
Bleeping Computer has revealed that the Hades ransomware emerged around a week ago as it executed “human-operated attacks against the enterprise”.
Upon reaching the target systems, the ransomware encrypts the data whilst adding a “.rh94k” extension, according to ID-Ransomware.
Their ransom note file entitled “HOW-TO-DECRYPT-xxxxx.txt” mentions the ransomware’s Tor site link. The site asks the victim to contact the attackers via the TOX messenger.
While the attackers share unique Tor website links for every victim, their TOX Messenger address remains the same.
The details about their demanded ransom and whether or not they also steal the victim’s data for leaking later are presently unclear.