Teamsters was able to recover 99% of its data from historical material, some of it from physical copies

Jun 14, 2021 09:53 GMT

When Teamsters became the target of a ransomware attack on Labor Day 2019, hackers demanded a seven-figure ransom, according to NBC News.

Unlike many other organizations that have been the target of high-profile ransomware attacks in recent months, the union refused to pay, according to three people familiar with the previously disclosed cyberattack.

"They locked down the entire system and said if we paid them they would give us the encryption code to unlock it," said one of the sources, who spoke to NBC News on condition of anonymity because they were not authorized to speak publicly about the incident.

Until now, the union had kept the hack hidden from the public. This points to a truth that cybersecurity experts believe lies beneath the surface of recent high-profile attacks: an unknown number of companies and organizations have been blackmailed without ever speaking publicly about it.

The attackers wanted $2.5 million in exchange for restoring access to electronic files, and communicated with Teamsters leaders on the dark web via a URL specified in the ransom note.

According to a Teamsters representative, the personal information of millions of active and retired members was not compromised, and only one of the union's two email systems was frozen along with other data.

Teamsters authorities notified the FBI and requested assistance in determining the source of the attack. They were advised that similar hacks are common, and that the FBI was unable to assist them in locating the perpetrator.

According to the sources, union officials in Washington were split on whether to pay the ransom, even negotiating the sum of $1.1 million. Ultimately, they sided with their insurance provider, who advised them not to pay.

Teamsters recovered 99% of their data from historical material 

According to the union representative, Teamsters chose to restore their systems, and 99% of their data was recovered from historical material, some of it from physical copies.

The FBI press office did not respond to numerous requests for comment. The position of the FBI is that ransomware payments should be avoided.

In recent years, criminal hacking groups have embraced ransomware. However, according to Recorded Future analyst Allan Liska, the practice of targeting specific companies and organizations in hopes of receiving a large payment increased in 2019. He was not involved in the Teamsters hack.

Most ransomware groups now maintain blogs and threaten to release victims' files if they don't pay up.

In 2019, the process was simpler: either the victim paid and hoped their files would be restored quickly, or they didn't pay and tried to act on their own. In either case, the interaction came to a halt there.

In the past, Liska said, it was easier to keep ransomware attacks hidden from the public. Many victims initially chose not to publicize the fact that they had been hacked.

In recent months, ransomware has become a widely recognized problem that has crippled several hospitals, the largest gasoline pipeline in the U.S., and the biggest meat plant in the world, making the problem inescapable.