A leading US transportation business has become the latest corporate victim to lose millions in a ransomware attack, according to a regulatory filing.
Tennessee-headquartered Forward Air describes itself as the leading provider of ground transportation and logistics for North American air freight and less-than-truckload (LTL) shipping.
Its 8-K filing with the Securities and Exchange Commission (SEC) yesterday revealed the attack was first detected by the firm on December 15 last year.
“While the company’s systems recovery efforts are completed and the company’s operations are fully functional, the incident did result in a loss of revenue as well as incremental costs for the month of December which will adversely impact the company’s fourth quarter 2020 results,” it noted.
In fact, it lost an estimated $7.5m in LTL revenue in the quarter, “primarily because of the company’s need to temporarily suspend its electronic data interfaces with its customers.”
Although the loss doesn’t seem to have had a major impact on Forward Air’s year-on-year fourth quarter growth, the news highlights again the potentially major financial repercussions of ransomware attacks.
As well as lost sales and operational losses, victim organizations typically spend big on additional IT support and third-party investigation and forensics contracts, and must also absorb the hit to staff productivity.
Many organizations have taken out cyber insurance policies in order to cover themselves in such cases. However, some experts have argued that these may encourage firms to simply pay the ransom, thereby perpetuating the problem as cyber-criminals see there is easy money to be made.
It doesn’t appear that Forward Air had such a policy.
In fact, the average ransom payment dropped 34% from Q3 2020 to the final quarter of last year, according to Coveware. The vendor claimed this could be due to reports of ransomware groups breaking their promise to delete stolen data taken from victim organizations on payment.
“The trust that stolen data will be deleted is eroding; defaults are becoming more frequent when exfiltrated data is made public despite the victim paying,” it argued. “As a result, fewer companies are giving in to cyber-extortion when they are able to recover from backups.”