Hackers threaten shipping firm ECU Worldwide with data leak - FreightWaves

Hackers threaten shipping firm ECU Worldwide with data leak
Less-than-container load specialist’s owner, AllCargo Logistics, vows to ‘take any steps necessary, legal and otherwise, to protect our customers’ data and interests’
Nate Tabak, Border and North America Correspondent Nate Tabak, Border and North America Correspondent Follow on TwitterWednesday, March 31, 20210 1,414 2 minutes read
Containers being loaded onto a ship to illustrate the shipping firm ECU Worldwide being threatened with a data leak by hackers in a ransomware gang. ECU Worldwide, which specializes in less-than-container load (LCL) services, was hit by a cyberattack in February. (Photo: Jim Allen/FreightWaves)


A ransomware gang is threatening to release a massive trove of data stolen from shipping firm ECU Worldwide more than a month after a cyberattack caused serious disruptions to its online platforms.

The Mount Locker ransomware gang claimed in a post to its leak site on Sunday that it had taken 2 terabytes of data from ECU. The hackers have yet to release any data and did not respond to a message sent by FreightWaves.

ECU, a non-vessel operating common carrier (NVOCC) specializing in the consolidation of less-than-container load (LCL) shipments, was targeted in a cyberattack in February. The company’s owner, India-based AllCargo Logistics (NSE:ALLCARGO), acknowledged a “cyber incident” in a Feb. 16 letter filed with the National Stock Exchange of India.

AllCargo Logistics, one of India’s largest publicly traded companies, would not comment on the ransomware gang’s post directly or say whether any data had been stolen in an attack.

“We continue to diligently monitor our systems and processes and will take any steps necessary, legal and otherwise, to protect our customers’ data and interests,” AllCargo spokesperson Alok Roy said in an email to FreightWaves.

Cyberattack led to outages of ECU online platforms, email systems
AllCargo said that the incident impacted certain online platforms and the email system at ECU. In February, The Loadstar reported that the attack caused extensive headaches to customers, who were unable to communicate with the company.


“Whilst we did initially have to temporarily take our systems offline, our systems have been operational for some time now since the incident and our business is operating at an optimal level,” Roy said in an email.

Ransomware gangs like Mount Locker typically use the threat of a public data release to pressure victims to pay sums that can run into millions of dollars. The payments come in exchange for an enforceable promise to not release that data.

Read more: Ransomware attack on EDI provider highlights cyber risks in supply chain
While Mount Locker has yet to produce any proof that it stole any data, it has a track record of making good on its threats. Victims include U.K. construction giant Amey, which saw over 100 gigabytes of data leak.

The nature of ECU’s business involves extensive digital communications with shippers, ocean carriers and trucking and warehousing companies across the world. ECU has a large global presence with over 300 offices in more than 180 countries, according to the company’s website.

While it remains unclear what, if any, data was compromised, previous attacks on transportation victims have led to extensive leaks involving customer information. Hackers also commonly use attacks to target victims’ customers, often by sending sophisticated phishing emails, which appear legitimate and contain malware.

ECU has a significant presence in the U.S. The company moved over 38,000 shipments being imported into the United States during the past 12 months, according to the U.S. Customs and Border Protection data.