Recent Ransomware Attacks in Transportation

Recent Ransomware Attacks in Transportation

Even though transportation companies are increasingly concerned about cybersecurity, attacks continue to occur regularly. Threat actors using ransom-as-a-service programs, lone wolves, or state-sponsored organizations attack networks and install malware that encrypts vital files and systems. This article will bring to light the recent ransomware attacks in the transportation industry.

Every week, another successful ransomware attack on the transportation and logistics business is reported. Here are a few:

Steamship Authority: June 2021

The Steamship Authority of Massachusetts runs ferries between Cape Cod, Nantucket, and Martha’s Vineyard, among other places. The company was hit by a ransomware attack in June 2021, which disrupted operations. According to Steamship Authority’s official account tweets, customers going by ferry should expect minor delays.

The ransomware did not affect critical technologies required to assure the safety of ferry transportation services. Still, the industry is always concerned that a security breach could occur at any time. A ransomware attack could potentially disrupt maritime radar systems or airline air traffic control, posing substantial safety risks to passengers.


Merseyrail: April 2021

Merseyrail is a passenger rail service that serves the Liverpool area of England. The attackers, who emailed journalists and staff via a privileged Office 365 email account within the Merseyrail network, made the attack public in April 2021.

According to the email’s subject line, the ransomware strain in question was LockBit. This sort of ransomware spreads quickly over networks and infects several more host systems from a single point of compromise. The Merseyrail attack appears to have started with compromising a single privileged account credential using phishing or brute force methods.


OmniTRAX: January 2021

In Colorado, OmniTRAX provides short-distance rail transportation. The company was successfully breached by the Conti ransomware group, according to claims in the media, in January 2021. The attack used a two-pronged extortion strategy, first stealing data and then locking down computers before demanding a ransom.

OmniTRAX chose not to pay the ransom, heeding the advice of federal agencies such as the CISA. As a result, over 70 terabytes of internal OmniTRAX documents were exposed on the internet. OmniTRAX operations were not harmed as a result of this occurrence.


Forward Air: December 2020

Forward Air is a trucking and freight logistics company that provides ground transportation in the United States. A ransomware attack targeted the organization in December 2020, which was caused by a new strain of ransomware known as Hades. Hade’s ransomware was spread by an unknown entity that used standard first attack routes like malware delivered via Google Chrome upgrades and credential access over VPN connections.

Forward Air refused to pay the unquestionably hefty ransom and sought to regain access to the affected systems. The corporation acted quickly and took down all its IT systems to contain the attack. Forward Air’s business was severely harmed due to the incident, which cost an estimated $7.5 million to respond to and recover from. Truck drivers could not access critical documentation needed to clear cargo via US customs, causing delays.

Recent Ransomware Attacks in Transportation medium

STM Montreal: October 2020

A ransom demand of $2.8 million was made following a ransomware assault on Montreal’s STM public transportation system in October 2020. The Montreal STM chose not to pay the ransom and instead concentrated on responding quickly to the incident. According to a public statement released after a complete cyber event investigation, the organization was able to recover 600 critical servers that were damaged by the ransomware attack.

Recovering the servers was expected to be in the neighborhood of $2 million. The attack had no effect on bus and metro services in Montreal, while the STM website was down for several days. The hack appears to have acquired personal information on 24 workers and 72 customers, but the sensitivity of that information was restricted to names and email addresses.


Adapting For The Future

With rising demand on transportation and logistics leaders to improve security against malicious cyberattacks, they must turn to a reliable, knowledgeable cybersecurity partner.

  • Prevent downtime by safeguarding critical assets. Conduct a cybersecurity impact analysis to identify potential hazards and learn how to reduce risk, especially in today’s high-risk environment for cyberattacks.
  • Ransomware is a threat to any firm, regardless of its size. TMS-Digital puts clients on the offensive against cyberattacks by assessing any potential weaknesses in their digital defenses. We create a strategy tailored to a company’s needs using tried and actual tactics such as phishing simulations, employee awareness training, and firewall management.
  • New technology, like other sectors, may offer new vulnerabilities. Transportation technology that improves connectivity and efficiency may introduce unanticipated risks. TMS-Digital uses tools like mobile device management and security information, and event management to secure network security in the face of changing technologies and systems.
  • With TMS-Digital’s guidance and help, adapt to the NIST cybersecurity framework. Our experts are well-versed in the specialized requirements of transportation and logistics companies and the most up-to-date cybersecurity measures.



Transportation Ransomware Prevention strategies entail protected privileged accounts, secrets, credentials, proactive remote monitoring, and a backup/disaster recovery plan. Privileged accounts are used for various functions in the transportation industry, including accessing databases, applications, servers, confidential data, and other system components. Protected Harbor‘s TMS-Digital is a comprehensive solution for preventing security breaches caused by access abuse, weak remote monitoring, and other threats.

TMS-Digital is one of the leading cybersecurity companies in the transportation industry. With a team of experts and leading technology, we can identify ransomware attacks and restore files or systems within minutes. TMS-Digital’s cutting-edge ransomware defense system automatically detects new types of malware using machine learning algorithms that work together seamlessly with an expert tech team and an advanced proactive security solution that terminates detected attacks at once without any end-user interaction required. Protect your business from ransomware and other emerging threats; contact us today!

Leave a Reply

Your email address will not be published. Required fields are marked *