With E-logs, advanced logistics solutions, automated collision avoidance systems and more, trucking as an industry is getting more hi-tech. Unfortunately, so are criminals. A mid-sized trucking company in Texas recently found out the hard way that there are more hi-tech ways to steal from a carrier than cargo theft.
According to an article published by Fleetowner, OutWest Express LLC, was recently the victim of a digital attack.
On June 8th, the 150-truck company received a driver application via email with an attached resume. It looked the same as all the other hundreds they receive on a weekly basis, but this one was carrying a virus. When an employee opened the attachment, the document appeared blank – it wasn’t. It contained an encrypted malware virus that allowed the hackers access to all of the company’s inner workings.
from Fleetowner.com by Samuel Barradas
The hackers were able to change all of the server logins, effectively shutting the company out of its own system. They then showed a message on all of the computer screens which said that if OutWest wanted its server back, it would need to call the number on the screen and pay a ransom.
OutWest ended up paying a different company to recover most of its data from an out-of-date backup they had stored off of the server. The service was very expensive and was not able to recover all of their data.
“We didn’t get all of our files back, so we had to start over from scratch in many ways,” said Zachary Chilson, VP of OutWest.
So OutWest had most of their data back, and their system was up and running once again. It seemed like the problems were behind them since they had learned their lesson and installed better virus protection, protected itself against hacking, and started backing up their servers and computers more frequently. But then something else happened.
They started to get calls from brokers asking why loads weren’t getting picked up. It was because OutWest had never booked them – it was the hackers. The hackers had been calling freight brokers using the stolen data, pretending to be OutWest. They would set up loads, demand an upfront deposit as large as $800 per load, and then disappear.
Knowing that the hackers were using stolen data was worrying because there was a lot more information on those servers as well.
“We had all kinds of sensitive data files stored in our server; tax returns, social security numbers, things like that,” he said. “So now we’re stuck waiting to see if they try to use any of that.”
Possibly the worst part of this whole thing is that OutWest had to deal with this threat alone. When they called the police, they couldn’t help – they didn’t even write up a police report. “We even tried the FBI but got nowhere,” said Chilson.
According to a cybercrime prosecutor with the U.S. attorney’s office in the Eastern District of Pennsylvania, that’s because agencies generally don’t get involved until the damages for this kind of crime reach over $100,000. The average cost of cybercrime in the U.S. is $12.7 million.
“The biggest lesson we’ve learned is that you just never have enough computer security,” Chilson said. “Computers are simply the gateways to businesses today and must be protected as such.”