
JAS Forwarding was hit by a ransomware attack last week, resulting in more than 400 data records being leaked, according to a ransomware database.

JAS said yesterday it had restored most of its systems since the attack on 27 August.

It said: “Our central operating systems are working well, and all core functions are operating. We are approaching full recovery, and most of our customers and vendors have resumed doing business with JAS at the pre-incident level across most geographies.

“We are staying vigilant, closely monitoring potential risks and implementing additional security measures to mitigate future disruption.

“Any remaining backlogged requests and local-specific functionalities are being tackled and resolved methodically and professionally.”

JAS noted last week it had “determined this cybersecurity incident was the result of ransomware”.

A source at a cyber-crime company said that hackers had not posted the forwarder’s name in an attempt to extort them.

“This could mean that JAS paid the ransom, but we cannot be sure,” the source speculated.

The source noted that there were “many stolen credentials, over 400 leaked data records and 150 hacker chatter mentions. There was certainly a lot of material for hackers to work with to attempt the break-in.”

Many of the affected accounts were ‘admin’ addresses, which means hackers could have gained access to the most sensitive systems, allowing them to demand a ransom. Databases show a number of employees have been hacked before, which could indicate weak security.

Ransomware can damage systems. While paying hackers means data is not published, and companies are given a ‘restoration key’, the damage may mean data still needs to be restored from scratch.

Cyber-attacks can be expensive – even if you don’t pay the hackers. Expeditors, which faced an attack in 2022, is being sued for $2.1m by long-term customer iRobot, which claims the forwarder failed to implement a business continuity plan after it was forced to shut down its global operating systems. Deliveries ground to a halt.

JAS’s speedy recovery suggests the impact there was not as large, and it revealed that the “majority” of its contract logistics businesses were not affected. Just two days following the announcement of the attack, JAS said its email system and website were secure, and communications were up and running.

But cyber-crime experts warned companies they must ensure their systems are wholly secure.

“Companies should take important steps to protect themselves, such as installing endpoint detection and response (EDR) solutions, training staff how to spot phishing emails, having backups and enabling multifactor verification (MFA) wherever possible,” explained Andrew Martin, CEO of DynaRisk.

“Ransoms can be very difficult to recover from, with outages possible from days to weeks in most cases.”

JAS added: “We remain fully committed to supporting our customers during this period and will continue to provide updates.”

 
