Forward Air Trucking Victim of New Hades Ransomware Gang

Forward Air, a leading trucking and air freight logistics company, has suffered a ransomware attack by a new gang that impacted the company’s business operations. It was reported last week that, because of the ransomware incident, Forward Air was forced to take its systems offline to prevent the attack from spreading. The shutdown disrupted business because the documents needed to release freight were stored on the systems that were taken down. The company shared this statement: “On December 15, Forward Air detected an IT security incident that impacted the functionality of certain computer systems. Per our information security protocols, we immediately took our systems offline, notified law enforcement, and engaged several third-party experts to assist us in conducting an internal investigation. Our IT team is working diligently to restore the affected systems and services and bring them back online as soon as possible.” Sources say the culprit is a new gang named Hades. This gang has only been seen operating for a week and uses human-operated attacks. When they successfully encrypt a victim’s network, they leave a note named ‘HOW-TO-DECRYPT-[.]txt’ which closely resembles the notes left by the REvil ransomware group. The note contains a TOR site URL, unique to each victim, with instructions for communicating with the attackers through the Tox instant messenger.

Analyst Notes

It is currently unknown exactly how the Hades ransomware group was able to compromise the network. The primary methods of system infection remain phishing attacks, exposed remote access systems with weak passwords, and unpatched servers. All organizations are strongly recommended to train their employees and business partners to recognize and defend against phishing emails. It is also recommended that network administrators continuously monitor their systems for suspicious activity. Binary Defense stands ready to assist organizations by providing 24-hour monitoring of their endpoints and by monitoring for threats on Darknet and Clearnet sites.
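One concrete way to act on the indicators in this brief is to hunt for the ransom note itself on file shares and endpoints. The following is an added example written for this page, not code from Binary Defense or from the article’s source; it walks a directory tree, flags files whose name matches the reported Hades note (the page defangs it as ‘HOW-TO-DECRYPT-[.]txt’; the exact undefanged filename is an assumption here, so the pattern is kept loose), and extracts any Tor .onion URLs and Tox references from the note body for the incident responder. The sample directory tree and its contents are constructed inline so the script runs offline.

```python
import os
import re
import tempfile
from typing import Dict, List

# Assumption: the real note name is 'HOW-TO-DECRYPT.txt' (the page shows it defanged).
# The pattern tolerates trailing characters and mixed case so variants still match.
NOTE_NAME_RE = re.compile(r"^HOW-TO-DECRYPT.*\.txt$", re.IGNORECASE)

# Tor v2/v3 hostnames use base32 characters (a-z, 2-7) and are 16 or 56 characters long.
ONION_RE = re.compile(r"https?://[a-z2-7]{16,56}\.onion\b", re.IGNORECASE)
TOX_RE = re.compile(r"\btox\b", re.IGNORECASE)


def find_ransom_notes(root: str) -> List[Dict[str, object]]:
    """Walk `root` and return one finding per file whose name matches the ransom note.

    Each finding records the path, the unique .onion URLs found in the first 64 KiB
    of the file, and whether the text mentions the Tox messenger named in the brief.
    """
    findings: List[Dict[str, object]] = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            if not NOTE_NAME_RE.match(name):
                continue
            path = os.path.join(dirpath, name)
            try:
                # errors="replace" keeps the scan going if the note is not clean UTF-8.
                with open(path, "r", errors="replace") as fh:
                    text = fh.read(64 * 1024)
            except OSError:
                # Unreadable file (permissions, vanished mid-scan): skip, do not abort the hunt.
                continue
            findings.append(
                {
                    "path": path,
                    "onion_urls": sorted(set(ONION_RE.findall(text))),
                    "mentions_tox": bool(TOX_RE.search(text)),
                }
            )
    return findings


def build_sample_tree() -> str:
    """Create a constructed directory tree that mimics an encrypted freight-documents share."""
    root = tempfile.mkdtemp(prefix="hades_demo_")
    docs = os.path.join(root, "shipping", "docs")
    os.makedirs(docs)
    # Constructed ransom note; the .onion hostname is a placeholder, not a real address.
    with open(os.path.join(docs, "HOW-TO-DECRYPT.txt"), "w") as fh:
        fh.write(
            "Your network has been encrypted.\n"
            "Visit http://exampleexampleexam.onion/victim for instructions.\n"
            "Contact us via Tox messenger.\n"
        )
    # Benign and encrypted-but-not-note files that must not be flagged.
    with open(os.path.join(docs, "manifest-4471.pdf.lock"), "w") as fh:
        fh.write("opaque ciphertext placeholder")
    with open(os.path.join(root, "README.txt"), "w") as fh:
        fh.write("Ordinary file, nothing to see here.")
    return root


if __name__ == "__main__":
    for finding in find_ransom_notes(build_sample_tree()):
        print(finding)
```

In production the note name and URL patterns would come from a maintained IoC list rather than being hard-coded, and the scan would be scheduled against file servers and endpoint baselines so a new note appearing on a share raises an alert before the encryption finishes spreading.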
