WASHINGTON – When the Teamsters were hit by a ransomware attack over Labor Day weekend 2019, hackers demanded a seven-figure payment.
But unlike many companies hit by high-profile ransomware attacks in recent months, the union has refused to pay, despite the FBI’s advice to do so, three sources familiar with the previously unreported cyberattack told NBC News.
“They locked the whole system down and said if we paid them they would give us the encryption code to unlock it,” said one of the sources, all of whom spoke to NBC News on condition of anonymity because they were not allowed to discuss the hack publicly.
Until now, the main union had managed to keep the hack out of public view for almost two years. This points to a truth that cybersecurity experts say lurks beneath the surface of recent high-profile attacks: An unknown number of companies and organizations have been extorted without ever saying a word publicly.
Communicating with officials of the Teamsters on the dark web through a site provided in the ransom note, the attackers demanded $2.5 million in exchange for restoring the union’s access to the electronic files. The personal information of millions of active and retired members has never been compromised, according to a spokesperson for the Teamsters, who also said that only one of the union’s two messaging systems was frozen, along with other data.
Teamsters officials alerted the FBI and asked for help in identifying the source of the attack. They were told that many similar hacks were happening and that the FBI would not be able to help prosecute the culprit.
The FBI advised the Teamsters to “just pay it,” the first source said.
“They said ‘it’s happening all over Washington… and we’re not doing anything about it,’” a second source said.
Union officials in Washington were divided over whether to pay the ransom – going so far as to negotiate the number to $1.1 million, the sources said – but ultimately sided with their insurance company, which urged them not to pay.
“They fought tooth and nail,” the first source said of the insurance company.
The Teamsters have decided to rebuild their systems, and 99% of their data has been restored from archival documents, some from hard copies, according to the union spokesperson.
The FBI’s communications office did not respond to repeated requests for comment. The FBI’s position is to discourage ransomware payments.
In recent years, criminal hacker gangs have embraced the use of ransomware, a type of malware that spreads to connected computers and steals or encrypts files. The gangs then demand a fee to unlock the files and keep them private.
But the practice of targeting specific businesses and organizations in the hopes of a big payoff started to take off in 2019, said Allan Liska, analyst at cybersecurity firm Recorded Future. He didn’t work on the Teamsters hack.
Now, most ransomware gangs run blogs and threaten to leak victims’ files if they don’t pay.
In 2019, however, the process was simpler: either the victim paid and hoped their files could be restored easily, or they didn’t and tried to fend for themselves. Either way, the interaction ended there.
Liska said it was easier to keep ransomware attacks out of public view. Initially, many victims simply chose not to let it be known that they had been hacked.
Ransomware has become a widely recognized problem in recent months, after hacker gangs crippled several hospitals, America’s largest fuel pipeline, and the world’s largest beef processor, making the problem impossible to ignore.