Forward Air: Victim of the new Hades ransomware gang

Forward Air fell victim to an attack by a new ransomware gang called Hades. The attack affected the company's business activities.

Forward Air is a leading "trucking and air freight logistics company" based in Tennessee, USA. The company employs over 4,300 people.

Last week, it became known that Forward Air had suffered a cyber attack, which forced it to take its systems offline to prevent the attack from spreading. The company itself later confirmed the incident.

"On December 15, Forward Air detected a security incident that affected the performance of some computer systems. According to our security protocols, we immediately shut down our systems, notified law enforcement and hired several experts to assist us in our internal investigation. Our IT team is working to restore the systems and services, which have been affected, as soon as possible," Forward Air told BleepingComputer.

The reported ransomware attack has led to the cessation of business activities, because the documents required for the release of goods from customs were stored on the systems affected by the attack.

Currently, Forward Air's official site is down and displays only a message informing visitors about the "security incident".

Behind the attack is the new Hades ransomware

It is said that Forward Air was affected by a new ransomware operation known as Hades.

Initially, Forward Air filed a Form 8-K with the U.S. Securities and Exchange Commission (SEC) revealing that it was attacked by ransomware. Among other things, the company said:

"On December 15, 2020, Forward Air Corporation spotted a ransomware attack that affected its systems and delayed the delivery of services to many of its customers. Immediately after locating the incident, the company launched an investigation… The company has also cooperated with law enforcement authorities."

The Hades ransomware gang launched the attack a week ago.

When encrypting a victim's systems, the ransomware creates a ransom note named "HOW-TO-DECRYPT-[extension].txt". The note has some similarities to the one used by the hackers behind REvil ransomware.

Inside the note, the victim finds a URL for a Tor website that is unique to each victim. This URL leads the victim to a Tor site that contains information about the attack and a Tox messenger address that victims can use to communicate with the intruders. This address is the same for all victims.

According to Bleeping Computer, the hackers behind Hades ransomware have a Twitter account, which they will most likely use to leak files stolen during attacks.

At the moment, no sample of the new ransomware has been found, and the amount of money the hackers are demanding to decrypt the systems is also unknown.
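
The note name and the Tor URL described above can drive a simple triage over file-creation events; the following is an added example, not code from the original article or from Bleeping Computer. The event tuples, host names, the sample extension "abc12", the sample note text, and the assumption that [extension] is also the suffix on encrypted files are all constructed for illustration.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Note name from the article: HOW-TO-DECRYPT-[extension].txt
NOTE_RE = re.compile(r"^HOW-TO-DECRYPT-([A-Za-z0-9]+)\.txt$", re.IGNORECASE)
# Tor v3 (56 chars) or v2 (16 chars) onion hostname
ONION_RE = re.compile(r"\b([a-z2-7]{56}|[a-z2-7]{16})\.onion\b")

def note_extension(path):
    """Return the [extension] token if the file name is a ransom note, else None."""
    m = NOTE_RE.match(PureWindowsPath(path).name)
    return m.group(1).lower() if m else None

def triage(events):
    """events: iterable of (host, path) file-creation records.
    Returns a per-host summary for every host where a note was created."""
    notes = defaultdict(lambda: defaultdict(set))  # host -> ext -> dirs holding a note
    created = defaultdict(list)                    # host -> every created path
    for host, path in events:
        created[host].append(path)
        ext = note_extension(path)
        if ext:
            notes[host][ext].add(str(PureWindowsPath(path).parent))
    report = {}
    for host, by_ext in notes.items():
        ext, dirs = max(by_ext.items(), key=lambda kv: len(kv[1]))
        # Assumption: [extension] is also the suffix appended to encrypted files.
        hits = [p for p in created[host] if p.lower().endswith("." + ext)]
        report[host] = {"extension": ext, "note_dirs": sorted(dirs),
                        "encrypted_files": len(hits)}
    return report

def onion_hosts(note_text):
    """Extract the victim-specific .onion hostnames from a note body."""
    return sorted({m.group(0) for m in ONION_RE.finditer(note_text.lower())})

# Constructed sample events (host, path); not taken from a real incident.
SAMPLE_EVENTS = [
    ("FS01", r"C:\Shares\Customs\manifest.pdf.abc12"),
    ("FS01", r"C:\Shares\Customs\HOW-TO-DECRYPT-abc12.txt"),
    ("FS01", r"C:\Shares\Billing\invoice.xlsx.abc12"),
    ("FS01", r"C:\Shares\Billing\how-to-decrypt-abc12.txt"),
    ("WS07", r"C:\Users\a\Documents\HOW-TO-DECRYPT.txt"),  # no token: not a match
    ("WS07", r"C:\Users\a\Documents\report.docx"),
]
SAMPLE_NOTE = "Visit http://" + "a" * 56 + ".onion/ using Tor Browser"  # constructed

if __name__ == "__main__":
    print(triage(SAMPLE_EVENTS))
    print(onion_hosts(SAMPLE_NOTE))
```

Because the article states that the Tor URL is unique to each victim, an extracted .onion hostname identifies one incident rather than serving as a cross-victim indicator.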

Source: Bleeping Computer
