A ransomware gang has posted thousands of internal files after a cyberattack on U.S. trucking company Daseke Inc. (NYSE: DSKE), exposing the personal information of drivers, among other potentially sensitive data.
The files, uploaded by the Conti ransomware gang to the dark web, appear to have been stolen from Daseke carrier E.W. Wylie. They include numerous trip reports from truck drivers, and some contain significant amounts of personal information.
The data leak came less than a week after Daseke first acknowledged the cyberattack. Daseke, the largest flatbed carrier in the U.S., issued a statement to FreightWaves in response to questions about the release of internal documents:
“We are continuing to actively investigate this incident in partnership with outside cybersecurity experts and law enforcement. We have made the appropriate internal and external stakeholders aware of this.”
Texas-based Daseke said it would not offer further information as the investigation into the attack continues. The company has a fleet of over 5,000 tractors across its carriers in the U.S. and Canada, with 500 at North Dakota-based E.W. Wylie.
Ransomware gang targeted multiple companies in the supply chain before Daseke
Conti has targeted multiple companies serving the supply chain in recent months. On Saturday, it posted data stolen from Texas customs broker Daniel B. Hastings, including documentation for complex international shipments.
Ransomware gangs like Conti generally leak stolen data after companies refuse to pay ransoms. The Daseke leak suggests the company rebuffed the gang’s efforts to extort it.
Conti posted over 6,000 files to the dark web at some point during the week. The release came after the group posted files from another company, claiming they were from E.W. Wylie, which raised doubts about the extent of the data breach.
While not readily accessible to typical Internet users, the files contain potentially sensitive information about drivers, customers, and other company operations.
Ransomware attacks have proliferated during the COVID-19 pandemic — with supply chain companies getting hit with increasing frequency. The attacks themselves can bring serious disruptions to operations when the hackers effectively lock victims out of their systems.
The attackers have increasingly incorporated the threat of public data release as part of their arsenal of extortion tools. Security experts say, however, that paying ransoms offers no real protection from having stolen data released or exploited.
Paying ransoms could break sanctions laws, the federal agency says
Recent guidance from the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) urged victims not to pay ransomware attackers directly or through intermediaries.
The Oct. 1 advisory noted that payments “encourage future ransomware payment demands” and risk violating U.S. sanctions laws depending on where the money ultimately goes.
“Companies that facilitate ransomware payments to cyber actors on behalf of victims, including financial institutions, cyber insurance firms, and companies involved in digital forensics and incident response, not only encourage future ransomware payment demands but also may risk violating OFAC regulations,” the advisory states.