Truck drivers' union hit by ransomware repels hackers on its own, against the FBI's advice

Interviews with stakeholders have revealed a 2019 ransomware attack targeting one of the largest trade unions in the United States, the Teamsters union (the national truck drivers' union). A union official reportedly said that the FBI had instructed the union to 'pay the ransom because the FBI is too busy to handle it,' but that the union eventually refused the ransom demand.

Ransomware attack hit Teamsters in 2019 — but they refused to pay

According to US news outlet NBC News, the ransomware attack on the Teamsters union occurred on the weekend of Labor Day week in September 2019. In this attack, hackers encrypted the email system and data owned by the truck drivers' union, making them unusable.

'Hackers have said they'll lock down the entire system and give them an encryption code to unlock it if they pay,' a union official told NBC News on condition of anonymity.

A hacker who contacted the truck drivers' union via the dark web demanded payment of $2.5 million (about 275 million yen) in return for restoring access to the electronic files held by the union.

The truck drivers' union reported the ransomware attack to the FBI and asked it to identify the attacker, but because many similar incidents were occurring at the time, the FBI told the union that it could not cooperate in pursuing the criminals and advised the union to simply pay the ransom. 'They said, "We can't do anything because something similar is happening all over Washington,"' one of the people said about the FBI's reaction.

The union executives who discussed how to respond to the ransomware attack were divided over whether to meet the ransom demand, and at one point they reportedly leaned toward paying a discounted amount of $1.1 million (about 121 million yen), about half the original demand. In the end, however, it was decided not to pay the ransom.

Having decided to refuse the ransom demand, the truck drivers' union rebuilt the system on its own, recovering 99% of the data from archived files. Materials stored as hard copies also appear to have been used for the recovery.

In recent ransomware attacks, hackers tend to threaten to leak the confidential and personal information they hold hostage if the victim does not meet their demand, but at that time, in most cases the victim simply faced a choice between meeting the demand and dealing with the damage on their own. As a result, the hackers gave up when the truck drivers' union replied that it would not pay the ransom.

According to Allan Liska, an analyst at cybersecurity firm Recorded Future, the extent and scale of ransomware damage tended to be smaller in 2019 than in recent years, so it was relatively easy for victims to hide the fact that they had been attacked. It is therefore believed that, as in the case of the truck drivers' union, there are still many undisclosed cases of ransomware damage.

in Security, Posted by log1l_ks