An “IT security incident” at Tennessee-based transportation and logistics firm Forward Air Corp. (NASDAQ:FWRD) likely resulted from a cyberattack, possibly one involving ransomware, experts told FreightWaves.
While the company has disclosed little publicly and did not respond to FreightWaves’ questions, the incident has the hallmarks of a cyberattack: the company’s nebulous acknowledgment of an “IT security incident,” emails bouncing, engagement with outside experts, and the extended outage of its website and other systems.
“This would certainly appear to be consistent with a ransomware attack,” Brett Callow, a threat analyst with software firm Emsisoft who closely follows such attacks, told FreightWaves.
David Jarmon, a vice president at cybersecurity firm Gray Analytics and former Department of Defense official, said the limited information provided by the company suggests it was “targeted in a cyberattack, likely involving malware infecting its systems, which brings ransomware into consideration.”
The perpetrators of ransomware attacks seek to extort money from their victims by denying them access to their data and, increasingly, by stealing it and threatening to publish it unless the victims pay. In recent months, ransomware gangs have targeted multiple trucking and logistics companies and other firms serving the supply chain, most recently dedicated contract carrier Cardinal Logistics.
Forward Air brings in outside experts to help investigate
According to a statement from Forward, the company first detected an “IT security incident” on Tuesday.
“Per our information security protocols, we immediately took our systems offline and engaged several third-party experts to assist us in conducting an internal investigation,” Forward said in a statement Wednesday sent to FreightWaves and posted to its website. “Our IT team is working diligently to restore the affected systems and services and bring them back online as soon as possible.”
Ransomware attacks have proliferated because they can be extremely lucrative for hackers, who sometimes demand sums in the millions of dollars in exchange for returning access to victims’ data and promising not to publish stolen files.
Companies that refuse to pay can sometimes see large volumes of sensitive company data posted to the dark web in retaliation. Trucking and logistics firms that have seen their data posted include Cardinal Logistics, Daseke, TFI International and Manitoulin Transport.
A Forward Air spokesperson did not respond to questions from FreightWaves about its security issue, and specifically whether it had been the victim of a ransomware attack. The Tennessee Bureau of Investigation, which investigates cybercrime in the state, also did not respond to an email from FreightWaves.