Are logistics firms like yours at risk from ransomware attacks?

Getting stuff from A to B has never been more important or more in the public eye. And with the challenges of the pandemic, Brexit and spiking fuel costs, logistics companies are coming under increasing pressure around delivering on time and at low cost.

Unfortunately, cyber criminals don’t care about that, and if logistics companies are not prepared, they could easily fall victim to a cyber-attack. An attack enabled by a staff member, either purposefully or accidentally, is a major way that this could occur.


Criminals understand that logistics companies depend on a delay-free environment so that they can get their goods picked up and delivered quickly and efficiently. Anything that interferes with this has to be dealt with straight away, as delays cost money and cause reputational damage. That means ransom demands against logistics companies are likely to be paid quickly and quietly to ensure goods transit remains unaffected, which makes these companies particularly vulnerable to attack.


Recent Logistics and Transportation Cyber Attacks

There are plenty of examples of cyber-attacks affecting logistics and transportation companies in the past few months.


Hellmann Worldwide Logistics suffered a suspected ransomware attack in December 2021, which led to clients being targeted with fraudulent communications.


Expeditors International, the world's sixth-largest freight forwarder, reportedly shut down its computer systems after an attack limited its ability to manage customs and distribution activities. While they did not explicitly say it was a ransomware attack, the business did say it was restoring systems from backups, which is an indicator of that type of cyber-attack.


In February 2022, IT infrastructure at ports in Belgium and the Netherlands was reportedly the subject of a cyber-attack, while more recently, in late October, a major breakdown of Denmark’s train network during the weekend was the result of a hacker attack on an IT subcontractor’s software testing environment.


Of key concern is the fact that smaller companies are even more likely to be impacted by a cyber-attack.

“Often it’s the smallest carriers that have the weakest defences, and they get breached,”

said Tim James Higham, CEO of InMotion Global, a company that provides IT systems to logistics companies. That was demonstrated when a small trucking company in the US, with fewer than 25 trucks, was ransomwared in 2021: a demand for $300K was made in return for a promise not to disclose sensitive shipping documents that had been stolen.

“Being a small company in a small town, you would have never thought a company like us would get targeted,”

the owner said.


When the company refused to pay, the data was leaked onto the dark web, and all of the affected supply chain partners and customers had to be notified of the data breach. Only time will tell whether the incident leads to a loss of business for this small company and whether job losses follow.


So, what is ransomware?

Simply put, this is a malicious attack against a network where the criminals get access to data and either steal it, threaten to delete it, or encrypt it. The criminals will then demand a payment for the return of the data. Imagine how this could affect your business: sensitive financial data relating to your customers, suppliers or even your own company, and commercially sensitive data relating to staff, the operation of your business or contacts with others could all be compromised or lost.


The reality is that ransomware is now viewed as a business model, and many entities behind these attacks will present themselves as being on the same side as the victim. So, in return for the payment, your business will often be supported through a process which will return the data that has been encrypted or stolen. It is worth noting that paying the ransom does not guarantee the return of the data and certainly does not guarantee that it won’t be sold on or published at some point in the future. Also, your network will still be infected, and you are more likely to be targeted again in the future.


The paying of the ransom has moral and ethical undertones that may not be immediately apparent when you are faced with such an attack. Consider the fact that you may be financially supporting terrorists or criminals by paying the ransom.


Can you protect yourself from these attacks?

Ransomware is always preceded by an attack on the network itself, commonly through use of stolen credentials, a phishing e-mail or a brute-force attack. These attacks are increasing in complexity and sophistication, meaning that defence against these dark arts needs continual review. But the key points for protection to remember are:

  1. Look at the free tools and guidance available on the ECRC site: Education & Resources at the Eastern Cyber Resilience Centre.

  2. Make your network resilient and practise good cyber hygiene, using Cyber Essentials (CE) principles. Use strong passwords and multi-factor authentication if you can.

  3. Make sure Staff Awareness Training is up to date – spotting a phishing e-mail early will prevent a lot of pain further on down the line. Find out about our affordable cyber services by contacting us and arranging a chat.

  4. Make sure all staff know the symptoms of an ongoing ransomware attack and respond quickly to it using a prepared incident response plan. You can download a template from our site.

  5. Identify common points of failure across the network – patch vulnerabilities and restrict access from malicious sites and IP addresses – speak with your MSPs about this and don’t assume that it will be done automatically. The important thing here is to understand where your main vulnerabilities are, then deal with them first.

What next?

The impact of a successful attack against your website or network can be catastrophic and lead to website downtime, loss of data and permanent loss of reputation. But all is not lost.

Here at the centre, we would recommend that you:

  1. Join our community for free by clicking here. You will be supported through implementing the changes you need to make to protect your organisation.

  2. Consider how we can help your own supply chain and customers – it would be great if you could look at promoting the centre on our behalf. Again, click here to find out what benefits you can get by getting your supply chain to join the centre.

Reporting a live cyber-attack 24/7

If you are a business, charity or other organisation which is currently suffering a live cyber-attack (in progress), please call Action Fraud on 0300 123 2040 immediately. This service is available 24 hours a day, 7 days a week.


Reporting a cyber-attack which isn't ongoing

Please report online to Action Fraud, the UK's national reporting centre for fraud and cybercrime. You can report cybercrime online at any time using the online reporting tool, which will guide you through simple questions to identify what has happened. Action Fraud advisors can also provide the help, support, and advice you need. Alternatively, you can call Action Fraud on 0300 123 2040 (textphone 0300 123 2050).


The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of The Cyber Resilience Centre for the East is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. The Cyber Resilience Centre for the East provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us.

The Cyber Resilience Centre for the East does not accept any responsibility for any loss which may arise from reliance on information or materials published on this document. The Cyber Resilience Centre for the East is not responsible for the content of external internet sites that link to this site or which are linked from it.
