Expeditors International logo close-up on website page showing cyber attack affecting logistics operations

Suspected Ransomware Cyber Attack Disrupts Expeditors International’s Logistics Operations Worldwide

Logistics operations company Expeditors International shut down its computer systems after a targeted cyber attack that limited its ability in managing customs and distribution activities. Expeditors said the February 20 incident affected its global operations forcing it to initiate crisis management and business continuity plans. However, its services would remain limited until the complete restoration of its computer systems from data backups.

With a turnover of $10.1 billion and over 18,000 employees, Expenditors International manages distributions in over 350 locations globally. Expeditors International’s services include transportation, warehousing, distribution, and customs.

Expeditors’ cyber attack to affect global logistics operations, including distribution

The logistics operations giant shut down most of its systems worldwide to prevent further damage following Sunday’s cyber attack.

“Upon discovering the incident, we shut down most of our operating systems globally to manage the safety of our overall global systems environment,” the company wrote.

The logistics operations giant did not provide an expected date of resumption of normal operations but said it was working with global cybersecurity experts to manage the incident.

Additionally, Expeditors said most of its logistics operations, including arranging for shipments of freight or managing customs and delivery of customers’ shipments, would be limited.

However, the company promised to minimize the impact of the cyber attack by supporting customers through alternative solutions and providing timely and accurate information and regular updates.

“We are conducting a thorough investigation to ensure that our systems are restored both promptly and securely, and on a parallel track, evaluating ways with our carriers and service providers to mitigate the impact of this event on our customers.”

Company did not confirm ransomware attack

Although Expeditors did not describe the incident as a ransomware attack, the company said it was restoring its systems from backups. This recovery method suggests that it likely lost most data through ransomware encryption.

No major ransomware operator has listed Expeditors International on any data leak site or claimed responsibility for the cyber attack.

However, the company fears that the incident could have “material adverse impact on our business, revenues, results of operations and reputation.”

Ransomware attacks carry reputational penalties when threat actors list the victims on data leak sites and publish exfiltrated data. Consequently, most victims are cautious about acknowledging ransomware attacks to avoid hurting their reputation. Limited information on suspected ransomware attacks may also suggest possible ongoing ransom negotiations.

Nasser Fattah, North America Steering Committee Chair at Shared Assessments, said ransomware attacks could have further impact like churn, and failure to meet contractual obligations.

“It is unfortunate, but we do not see ransomware slowing down,” Fattah said. “The cost of outages attributed to ransomware can be very impactful to companies of all sizes.

“When we look at revenue loss, time, and resources to identify, contain, and eradicate ransomware to systems recovery, the overall financial loss to a company can be staggering.”

He recommended understanding the company’s “strengths and weaknesses in defending against ransomware,” being prepared if ransomware strikes, and understanding all costs associated with ransomware incidents.

The incident could also have widespread impact on the already stressed supply chain trying to overcome the effects of COVID-19 and Russia’s invasion of Ukraine.

Logistics operations companies targeted

Expeditors’ cyber attack is the latest incident targeting logistics operations companies. On February 4, 2022, Swissport disclosed that it suffered a ransomware cyber attack that affected its infrastructure, causing outages.

Similarly, Hellmann Worldwide logistics suffered a cyber attack on December 9, 2021, that potentially led to data leakage or led to unauthorized use. Hellmann said it disconnected its central data center as a precautionary measure.