Watch Now


Hackers threaten shipping firm ECU Worldwide with data leak

Less-than-container load specialist’s owner, AllCargo Logistics, vows to ‘take any steps necessary, legal and otherwise, to protect our customers’ data and interests’

ECU Worldwide, which specializes in less-than-container load (LCL) services, was hit by a cyberattack in February. (Photo: Jim Allen/FreightWaves)

A ransomware gang is threatening to release a massive trove of data stolen from shipping firm ECU Worldwide more than a month after a cyberattack caused serious disruptions to its online platforms. 

The Mount Locker ransomware gang claimed in a post to its leak site on Sunday that it had taken 2 terabytes of data from ECU. The hackers have yet to release any data and did not respond to a message sent by FreightWaves. 

ECU, a non-vessel operating common carrier (NVOCC) specializing in the consolidation of less-than-container load (LCL) shipments, was targeted in a cyberattack in February. The company’s owner, India-based AllCargo Logistics (NSE:ALLCARGO), acknowledged a “cyber incident” in a Feb. 16 letter filed with the National Stock Exchange of India. 

AllCargo Logistics, one of India’s largest publicly traded companies, would not comment on the ransomware gang’s post directly or say whether any data had been stolen in an attack. 


“We continue to diligently monitor our systems and processes and will take any steps necessary, legal and otherwise, to protect our customers’ data and interests,” AllCargo spokesperson Alok Roy said in an email to FreightWaves.

Cyberattack led to outages of ECU online platforms, email systems

AllCargo said that the incident impacted certain online platforms and the email system at ECU. In February, The Loadstar reported that the attack caused extensive headaches to customers, who were unable to communicate with the company.  

“Whilst we did initially have to temporarily take our systems offline, our systems have been operational for some time now since the incident and our business is operating at an optimal level,” Roy said in an email.

Ransomware gangs like Mount Locker typically use the threat of a public data release to pressure victims to pay sums that can run into millions of dollars. The payments come in exchange for an enforceable promise to not release that data.


Read more: Ransomware attack on EDI provider highlights cyber risks in supply chain

While Mount Locker has yet to produce any proof that it stole any data, it has a track record of making good on its threats. Victims include U.K. construction giant Amey, which saw over 100 gigabytes of data leak.

The nature of ECU’s business involves extensive digital communications with shippers, ocean carriers and trucking and warehousing companies across the world. ECU has a large global presence with over 300 offices in more than 180 countries, according to the company’s website. 

While it remains unclear what, if any, data was compromised, previous attacks on transportation victims have led to extensive leaks involving customer information. Hackers also commonly use attacks to target victims’ customers, often by sending sophisticated phishing emails, which appear legitimate and contain malware.

ECU has a significant presence in the U.S. The company moved over 38,000 shipments being imported into the United States during the past 12 months, according to the U.S. Customs and Border Protection data. 

FreightWaves market expert Henry Byers contributed to this report.

Click for more FreightWaves articles by Nate Tabak

Nate Tabak

Nate Tabak is a Toronto-based journalist and producer who covers cybersecurity and cross-border trucking and logistics for FreightWaves. He spent seven years reporting stories in the Balkans and Eastern Europe as a reporter, producer and editor based in Kosovo. He previously worked at newspapers in the San Francisco Bay Area, including the San Jose Mercury News. He graduated from UC Berkeley, where he studied the history of American policing. Contact Nate at ntabak@freightwaves.com.