Forward Air, a leading trucking and freight logistics company from Tennessee, USA, suffered a major cyberattack incident on December 15, 2020, forcing its operations to temporarily shut down. The attack was later found to be a ransomware attack, and because of the incident, the logistics were forced to be delivered through manual operations, as most systems were kept offline.

Forward Air stated it took appropriate measures after the incident by taking its systems offline, informing law enforcement, and contacting multiple third parties to handle the situation. Cybersecurity and forensic professionals are investigating the attack now. Forward Air has also disclosed this information via Form-8k with the Security and Exchange Commission.

Ransomware behind the attack

As per reports from Forward Air, the ransomware behind this attack was identified to have been launched by a new group of ransomware operators called Hades.

Last month, we saw another new ransomware operator called Egregor hitting many organizations, and now Hades has made its introduction into the cyberworld. It is believed Hades began its operations a week ago in Europe in a manual human-operated cyberattack, and its encryption and naming processes were found to be similar to the REvil ransomware group.

As of now, the ransom demanded has not been disclosed; however, the ransom note was found to have a Tor URL unique to each victim. This Tor URL, when opened, will point to the attackers' address via Tox messenger.

It may be the end of 2020, but it's only the beginning for more sophisticated ransomware attacks.

As per the Cybersecurity Ventures predictions for 2021, "Ransomware is expected to attack a business every 11 seconds by the end of 2021," and "global ransomware damage costs will reach $20 billion by 2021." Ransomware attacks aren't going anywhere soon, and they could even evolve into targeted and double extortion ransomware attacks (stealing and encryption of data) in 2021.

How to prepare your organization for ransomware attacks in 2021

Follow the list of best practices below to keep your network safe from file ransomware attacks.

  • Close unwanted ports.
  • Employ honeypot technology to identify unusual traffic to your main servers.
  • Employ deception technology to make hacking procedures more challenging for ransomware actors.
  • Always remove unnecessary applications from users’ devices; in other words, whitelist applications in your network.
  • Always patch your applications and operating system on time.
  • Define a robust firewall configuration.
  • Employ both proactive and reactive security measures to prevent and detect threats.
  • Ensure your RDP services are running only when required.

Brace yourselves; 2021 will be rife with COVID-19 vaccine-themed phishing attacks, and they could eventually be used to drop ransomware or other malware into your network. To help combat this, define, implement, and practice robust cybersecurity strategies to make your organization less of a target for hackers.