Forward Air, a leading trucking and air freight logistics company, has suffered a ransomware attack by a new gang that impacted the company’s business operations. It was reported last week that, due to the ransomware incident, Forward Air was forced to take its systems offline to prevent the attack from spreading. This shutdown disrupted business because the documents needed to release freight were stored on the systems that were taken offline. The company shared this statement: “On December 15, Forward Air detected an IT security incident that impacted the functionality of certain computer systems. Per our information security protocols, we immediately took our systems offline, notified law enforcement, and engaged several third-party experts to assist us in conducting an internal investigation. Our IT team is working diligently to restore the affected systems and services and bring them back online as soon as possible.” Sources are saying that the culprit is a new gang named Hades. This gang has only been observed operating for about a week and uses human-operated attacks. When they successfully encrypt a victim’s network, they leave a note named ‘HOW-TO-DECRYPT-[.]txt’, which closely resembles the notes left by the REvil ransomware group. The note contains a Tor site URL that is unique to each victim and that provides instructions for the victim to communicate with the attackers through the Tox instant messenger.