Ransomware hackers have claimed they attacked a Texas customs broker and freight forwarder Daniel B. Hastings, posting files they purportedly stole in an apparent attempt to extort the Laredo-based company.
The extent of the apparent attack and data breach was not immediately clear. Hastings did not respond to FreightWaves’ requests for comment.
The files posted by the ransomware group Conti on Saturday appear authentic. They include completed U.S. Customs and Border Protection documents for shipments involving multiple countries, companies and modes.
Daniel B. Hastings has five offices in Texas, specializing in U.S.-Mexico cross-border shipments. The company is affiliated with two other customs brokers: Casas International and Pacific Brokerage, as part of CPH Group.
Multiple companies in supply chain targeted in ransomware attacks
Hastings represents just the latest supply chain company targeted by ransomware groups. Conti recently claimed responsibility for attacks on U.S. flatbed carrier Daseke and Canadian trucking company Manitoulin Transport. Other groups have attacked French shipping giant CMA CGM and TFI International, Canada’s largest trucking and logistics company.
Conti and similar groups begin posting a small number of stolen files after companies refuse to pay a ransom to have system access restored and to secure a promise that hacked data will not be posted.
The companies subject to public data leaks likely represent a fraction of all ransomware attacks. Firms, sometimes with ransomware insurance, often handle the incidents and payments quietly.
Security experts say the willingness to pay ransomware groups allows them to flourish. Beyond the rash of incidents targeting the supply chain, hacking groups have hit companies and governments across the world.
Ransomware groups’ immediate goal is to make money by extorting their targets. But they also leverage the data and systems of their victims’ access to stage other attacks through phishing emails.
“Anyone that has dealings with that company is at risk for being attacked,” Brett Callow, a threat analyst with Emsisoft, told FreightWaves.