Watch Now


5 defining cyberattacks on trucking and logistics in 2020

Ransomware attacks proliferate

A ransomware attack on Forward Air led to extensive disruptions to company's operations. (Photo: Jim Allen/FreightWaves)

Hackers hit the trucking and logistics industry hard in 2020. Many of the cyberattacks involved ransomware — essentially a vehicle for extortion.

Ransomware attacks aim to cause as much operational disruption as possible by encrypting data. Hackers then demand victims pay to restore access. Increasingly, so-called double extortion ransomware attacks are leveraging data theft and the threat of public release — or sale — of the data.

Ransoms can run in the millions of dollars. The attacks often never become public, particularly when companies opt to pay. Frequently, companies that heed law enforcement advice and refuse to pay are left dealing with the fallout of extensive disclosures of data.

FreightWaves reported on an array of ransomware and other cyberattacks during the year. They included companies with thousands of trucks and others with just a handful. Here are five of the most important ones.


(Photo: Total Quality Logistics)

5. Total Quality Logistics: Breach exposes partner carriers

Mystery still shrouds what happened at freight brokerage Total Quality Logistics in February. The Cincinnati-based company said hackers had breached its IT system and compromised sensitive information of some carriers. It even led to a carrier lawsuit alleging negligence in the hacking incident. The company insisted that the attack did not involve ransomware or malware of any kind. Regardless of what was behind the hack, TQL offers a cautionary tale about the potential repercussions of cyberattacks beyond the company itself.

A tractor-trailer of a TFI International carrier. One of its parcel and courier subsidiaries was targeted in a cyberattack.
(Photo: Jim Allen/FreightWaves)

4. TFI International: The high price of not paying after ransomware attack

An August ransomware attack targeted TFI International, one of the largest trucking and logistics companies in North America. While the attack itself appears to have impacted only TFI’s Canada parcel and courier subsidiaries, including Canpar, the impacts are staggering. The subsidiaries resorted to manually sorting. It ended up costing TFI about $6 million in quarterly operating revenue. It appears that the company did not pay the attackers, who responded by leaking internal data to the dark web.

A tractor-trailer from Daseke. The trucking company was targeted in a cyberattack.
(Photo: Jim Allen/FreightWaves)

3. Daseke: Truckers’ personal information exposed after cyberattack

The August ransomware attack on Daseke, the largest flatbed trucking company in the U.S did not appear to result in operational disruption seen at Forward Air. But the Conti ransomware gang stole a significant amount of data from subsidiary E.W. Wylie and posted it to the dark web, in an apparent response to the company refusing to pay the ransom. Troublingly, it included extensive personal data on current and former truck drivers. According to the company’s last quarterly financial report, the attack did not result in any material loss. 

A tractor-trailer from Forward Air.
(Photo: Jim Allen/FreightWaves)

2. Forward Air: ‘Hades’ ransomware gang brings multimodal disruption

The Tennessee-based trucking and logistics company was targeted by a new and relatively unknown ransomware gang called Hades in December. The attack directly or indirectly led to widespread disruptions across Forward Air’s public-facing and internal operations systems. For days, customers weren’t able to book loads. While Forward is far from the largest trucking and logistics firm in the U.S., it provides an essential link to airlines’ cargo operations and has no peer that was immediately able to pick up the slack. While the company appears to be well on its way to normal operations, it remains to be seen whether Hades successfully stole data and how it might leverage it. Reached by FreightWaves, the hacking group declined to discuss the Forward attack but was eager to discuss leaks of data in other industries.


A tractor-trailer from CEVA Logistics, which is owned by CMA CGM.
(Photo: Jim Allen/FreightWaves)

1. CMA CGM: An attack felt globally 

The September ransomware attack on France-based shipping giant and CEVA logistics owner CMA CGM offered a very public glimpse of what hackers can do in the supply chain. The attack was first detected in a shipping subsidiary, but the company ultimately disabled its entire core IT systems in response. Most of the disruption happened with e-commerce operations. Some functions were down for two weeks, but the impacts reflected the global scope of the company. In November, CMA CGM disclosed that the cost of the attack could cost up to $50 million. The Ragnar Locker ransomware reportedly targeted the company, according to Lloyd’s List, but the hackers has yet to publicly release any data.

Click for more FreightWaves articles by Nate Tabak

Forward Air reveals ransomware attack, warns of revenue hit

TorQuest acquires Canada cold storage giant VersaCold

Forward Air likely hit in cyberattack, experts say

Nate Tabak

Nate Tabak is a Toronto-based journalist and producer who covers cybersecurity and cross-border trucking and logistics for FreightWaves. He spent seven years reporting stories in the Balkans and Eastern Europe as a reporter, producer and editor based in Kosovo. He previously worked at newspapers in the San Francisco Bay Area, including the San Jose Mercury News. He graduated from UC Berkeley, where he studied the history of American policing. Contact Nate at ntabak@freightwaves.com.