Teamsters was hit by ransomware in 2019, but refused to pay up

Teamsters approached law enforcement but never disclosed the attack until now

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

When the International Brotherhood of Teamsters, more widely known simply as Teamsters, was targeted byransomwareback in 2019, the US and Candian labor union simply refused to pay, new reports have revealed.

Asked for $2.5 million, Teamsters decided to simply rebuild its entire network instead of caving in to the demands of the attackers,NBC Newsreported, based on details shared by anonymous sources.

The sources familiar with the previously unreported attack claim that back then even the Federal Bureau of Investigation (FBI) advised the union to just pay the ransom, a far cry fromits current stance.

When Teamsters officials alerted the FBI and asked for help in identifying the source of the attack, they were informed that theirs wasn’t an isolated incident and that the bureau had their hands full.

“They said ‘this is happening all over D.C. … and we’re not doing anything about it,'” one of the three anonymous sources told NBC News.

No easy way out

The sources added that Teamsters officials initially bargained with the attackers over the dark web, negotiating the ransom down to $1.1 million.

However, unlike the FBI, the group was advised by its insurance company not to settle with the attackers, which is why they decided to restore their network frombackup.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

An official Teamsters spokesperson told NBC News that the perpetrators only managed to lock one of the union’s twoemailsystems along with some other data, though personal information for its millions of active and retired members was never compromised.

The spokesperson added that while Teamsters was able to restore virtually all of its data from backups, some of it had to be imported from hard copies.

Tip of the iceberg

Those were simpler times, and ransomware gangs hadn’t learned the art of double extortion.

No data was exfiltrated and there were no threats of leaks. If a victim refused to pay, the threat actors would chalk it up to experience and simply move on to their next target.

However, the revelation once again highlights how many organizations simply don’t share details about the attacks.

If it wasn’t for Avaddon releasing the decryption keys for their victims, we wouldn’t have found out that thegroup attacked 2934 targets, a staggeringly large number compared to the mere 88 reported victims.

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’sTechRadar Pro’sexpert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.

A critical Palo Alto Networks bug is being hit by cyberattacks, so patch now

3 reasons why PIA fell in our best VPN rankings

Stormforce Pro Creator 0601 workstation review