Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Security Crime IT

Ransomware Attack Targeted Teamsters Union in 2019. But They Just Refused to Pay (nbcnews.com) 149

NBC reports that America's "Teamsters" labor union was hit by a ransomware attack demanding $2.5 million back in 2019.

"But unlike many of the companies hit by high-profile ransomware attacks in recent months, the union declined to pay, despite the FBI's advice to do so, three sources familiar with the previously unreported cyberattack told NBC News." Personal information for the millions of active and retired members was never compromised, according to a Teamsters spokesperson, who also said that only one of the union's two email systems was frozen along with other data. Teamsters officials alerted the FBI and asked for help in identifying the source of the attack. They were told that many similar hacks were happening and that the FBI would not be able to assist in pursuing the culprit.

The FBI advised the Teamsters to "just pay it," the first source said. "They said 'this is happening all over D.C. ... and we're not doing anything about it,'" a second source said.

Union officials in Washington were divided over whether to pay the ransom — going so far as to bargain the number down to $1.1 million, according to the sources — but eventually sided with their insurance company, which urged them not to pony up... The Teamsters decided to rebuild their systems, and 99 percent of their data has been restored from archival material — some of it from hard copies — according to the union's spokesperson.

The FBI's communications office did not reply to repeated requests for comment. The FBI's stance is to discourage ransomware payments.

NBC News draws a lesson from the fact that it took nearly two years for this story to emerge. "An unknown number of companies and organizations have been extorted without ever saying a word about it publicly."
This discussion has been archived. No new comments can be posted.

Ransomware Attack Targeted Teamsters Union in 2019. But They Just Refused to Pay

Comments Filter:
  • Risky move (Score:5, Funny)

    by Anonymous Coward on Monday June 14, 2021 @06:42AM (#61485348)
    That's how you end up buried under a football field somewhere.
  • by nucrash ( 549705 ) on Monday June 14, 2021 @06:44AM (#61485356)

    Realizing that they negotiate with some of the most difficult and powerful corporations in the world, ransomware lackeys are nothing to them.

    • by geekmux ( 1040042 ) on Monday June 14, 2021 @07:31AM (#61485448)

      Realizing that they negotiate with some of the most difficult and powerful corporations in the world, ransomware lackeys are nothing to them.

      Uh, they didn't "deal" with the lackeys at all. They became the lackey and got to work restoring all their shit the old-fashioned way. Apparently restoring even from hard copy.

      Absolutely they wield massive power in the business world but in this case? Really no different from any other victim. Just a bit better prepared.

      • by e3m4n ( 947977 )
        that we know of. This might be before your time but do a little research on a guy named Jimmy Hoffa. The Teamsters and the mafia go way back. If any of these hacking groups had a member turn up dead its not like it would make headlines. Its not like there is a hacker membership card in the dudes wallet or something. Most likely it will look like any other disappearance or suicide. Now if the FBI/CIA gets involved, you will know because magically child porn will be found on their computers.
      • This could best be described as a "partial" hack, only seizing one of two (why two?) email systems.

      • by MrKaos ( 858439 )

        They became the lackey and got to work restoring all their shit the old-fashioned way.

        So what. That's what sticking to your values looks like, even if it means doing things the hard way.

    • Realizing that they negotiate with some of the most difficult and powerful corporations in the world, ransomware lackeys are nothing to them.

      I figured the Teamsters' counteroffer was to have the hackers legs broken...?

      • by gtall ( 79522 )

        Don't be daft. Even if they found out who was behind it, they have to contract out the hit to some outfit probably in a foreign country. The crooks would get wind of it, or worse the FSB would. Soon, some poor innocent would be falsely fingered and whacked, and then there'd be an international incident. That would cause the Fed. Gov. to come down on the Teamsters, something they definitely do not want.

        • by e3m4n ( 947977 )
          When the FBI/CIA gets involved, childporn magically appears on the targets computer.
          When the Mob/mafia is involved, the person either disappears or is found suspect of 'suicide'.
          We will never know when/if the Teamsters get their revenge because there will never be a headline that some known member of insert-hacking-group-here was found dead from an apparent suicide or has been reported missing. At best there might be some 'milk carton' somewhere with their face on it, or a tiny blurb in the obituaries a
  • Two words. (Score:4, Funny)

    by Joey Vegetables ( 686525 ) on Monday June 14, 2021 @06:44AM (#61485358) Journal

    Baseball bat.

    Kneecap.

    (OK, so that's three words. Sue me.)

  • by Salgak1 ( 20136 ) <salgak@NospAM.speakeasy.net> on Monday June 14, 2021 @06:45AM (#61485360) Homepage

    . . . this being the Teamsters, whose knees got broken, and which hackers got to swim with the fishes?? ( not joking. The Teamsters play hardball at such things. . .)

    I grew up in a Teamsters home: both parents were members. You messed with the Teamsters at your peril. . . .

    • . . . this being the Teamsters, whose knees got broken, and which hackers got to swim with the fishes?? ( not joking. The Teamsters play hardball at such things. . .)

      They would first need to find out the identities of said hackers and then need to either send people to Russia or hire someone in Russia. I don't see them sending people and I'm pretty sure the hackers are connected with those that could be hired.

      • The teamsters refused to take their insurance companies money and pay the ransom, rather they collected 'reimbursement' from their insurance company, which a) gave them the opportunity to 'correct' any historical emails, b) gave them plausible deniability to claim any email or document from before the hack was 'lost', c) over-charge their insurance company for the recovery work.

        Anyone of those is reason enough not to pay the $1.1 million ransom, but as a package the upside to refusing to pay was simply too

    • ... and his friends would be able to find people a lot more dangerous than a bunch of overweight manual workers with baseball bats in the highly unlikely event it came to that sort of thing.

    • These are criminals we're talking about. They were probably Teamster's members.

  • by dogsbreath ( 730413 ) on Monday June 14, 2021 @06:48AM (#61485372)

    What would Jimmy Hoffa do?

    Find the bastards and break their legs if they were lucky. He certainly wouldn't involve the FBI.

    • by leonbev ( 111395 )

      Yeah, I think that some Russian hackers would end up in a messy "construction accident" if they messed with the Teamsters during the Jimmy Hoffa era.

    • Teamsters officials alerted the FBI and asked for help in identifying the source of the attack.

      The Teamsters involved the FBI to find out who did it. Not for advise on what to do regarding the ransomware.

      The Teamsters know what to do. They just needed help on figuring out who to do it to.

    • What would Jimmy Hoffa do?

      Wind up missing as his payment for playing with REAL mobsters

    • by gtall ( 79522 )

      Flunkie: Jimmy ole boy, we've been hacked!

      Jimmy: What, someone is cutting down our trees?

      Flunkie: NO! Our computer systems, the ones we require to keep our bullshit jobs.

      Jimmy: Uh-oh! I'll murderize them, I'll have them torn limb from limb! Where's my blood pressure meds. . .

      Flunkie: Hmmm. . .too late, Jimmy, should have asked for them BEFORE I told you. I'll tell your secretary you are out for the rest of the day.

  • by Canberra1 ( 3475749 ) on Monday June 14, 2021 @07:04AM (#61485392)
    I'm sure the insurance company premiums are way too low - and the FBI is not letting them know of real world numbers. In some countries, paying a ransom is illegal. This is why the new ransomware people are leaking details, so documenting the breach - which impacts insurance and director bonuses. However I know several IT speed backup/restore experts with no demand for their services. People bitten now think the cloud is safer. Should FBI tell them lightening starts in clouds?
    • If you're the one who kept stuff on premises and then couldn't handle this situation you're gone. If you handed it to Amazon or whoever instead and they get fucked it's on them and you have someone to point the finger at. This is middle manager 101 - never take responsibility for anything ever.

    • When was the last time we had a ransomware attack on the cloud? At least they know what the word backup means.

      • When was the last time we had a ransomware attack on the cloud? At least they know what the word backup means.

        It took 2 years to find out the Teamsters had been hacked. Of all the organizations in the world, you will never hear about a breach of a cloud company. It would destroy their business to admit it. This is why public disclosure laws will always have loopholes, too.

  • I'm glad they decided not to pony up the money and were able to restore 99% of the data. Plus, it appears that they had some segmentation on their network.
  • So, I heard you paint houses. This guy doesn't know it, but his interior needs painting.

  • by jellomizer ( 103300 ) on Monday June 14, 2021 @07:48AM (#61485494)

    Despite the idiotic response from the 2019 FBI (I sure home Biden would fire those bozo's who recommended it soon) YOU DON'T PAY THE RANSOM!
    When you see this is a threat, you improve your IT Security, infrastructure Make sure your backups are ready to restore data at a tolerable tolerance, for your organization. Make sure your employees are trained on how to spot and respond to malware and tricks to get you install them, make sure that security permissions are actually setup for what people need, vs just giving out higher security permissions as a "benefit" for being in with the right people. Just because you are the owner of the company, it doesn't mean you should have access to all the computer and data. Nor should say your Marking department have access to the Finance file shares....

    A lot of this can be done without spending millions on new software and consultants, just some extra employee time by your IT Staff, with support for upper management to reevaluate what you are currently doing and what can be done better. Knowing quite well, good Security Practices back in 1999 may not be as good for 2021, things can always be improved and reworked. Today's best security ideas next decade may be a joke.
    That is the nature of business in the 21st century. With uncertainty rising, with many factors, organizations need to town down their quarterly earnings, and plan to weather multiple problems and crisis.

    • Comment removed based on user account deletion
    • by hey! ( 33014 )

      I think the frequency with which these ransomware attackers find organizations completely unprepared demonstrates that despite that management has not achieved the status of a profession yet.

      A profession is about standards. A doctor treating an illness knows the standard of care for that illness. A lawyer drafting a contract knows what kind of standard clauses to put into it. These standards represent the collective experience of all their colleagues. A lawyer who has to learn the need for a force majeure

    • by King_TJ ( 85913 )

      It's inconceivable to me how any company in the last 2 decades could operate without backups of their critical data? Ransomware attacks should be considered no different than any other disaster like a fire in the server room. The solution isn't paying off the hackers who caused your problem to begin with! The solution is restoring from your backups and then shoring up the security flaws that got you into the problem to begin with!

      Paying the hackers still leaves you in a completely unknown state; Will the

    • YOU DON'T PAY THE RANSOM!

      That's dumb. The reality is you do a cost benefit analysis to see if its worth paying the ransom. Fixing IT security after the fact is not a "business continuity strategy". And the moral high ground is worthless if you go out of business to achieve it.

  • They advised them to pay? Over the past ten years or so, it's become obvious that the FBI is just another self-serving, pointless, lumbering bureaucracy.
    What a joke of an agency.
    • Payment (Score:5, Interesting)

      by JBMcB ( 73720 ) on Monday June 14, 2021 @08:30AM (#61485666)

      I know someone who works for a company that got hit with a serious ransomware attack. Took down their entire production system. The FBI told *them* that it is illegal to pay the ransom, and if they did they would be going to jail. I'm not sure the FBI knows what they are doing at this point.

      • I know someone who works for a company that got hit with a serious ransomware attack. Took down their entire production system. The FBI told *them* that it is illegal to pay the ransom, and if they did they would be going to jail. I'm not sure the FBI knows what they are doing at this point.

        Well, you didn't mention the fact that the system that got compromised, was the W.O.P.R.** It's kind of important.

        (** = Yup, you guessed it...last time they changed the password, was 1983.)

    • It's easy to see the Agent had a bias and went against their long standing policy for this victim.

      The FBI is way behind tech wise but this ransom stuff is new and not really something they can do a whole lot about even if they were up to date, well funded, and well staffed. It's all based around secure encryption done by expert hackers. It's not going to be brute forced and working with bitcoins to catch foreign experts is also not what the FBI is setup to do. It's more of a CIA or NSA type thing... Somebo

  • Ransomware attacks are common, for years.

    Not paying is the appropriate thing to do, but some orgs have no choice for financial or technical reasons.

    This happened two years ago. Why the fuck is it being reported now, as if it were some meaningful event? It's a big fat "so fucking what?" dug up form the annals of ancient history.

    Is there a dearth of recent ransomware drama and in order to continue fomenting fear and they're having to did into the archives?

    • Murders are common. For thousands of years now.

      How many died in major US cities this weekend? Oh, you don't know?

      But if say, a politician got killed...needless to say we'd certainly hear about that murder...

      And targeting the fuel pipeline that feeds 45% of the Eastern seaboard of the US, ain't exactly sitting in the category of "so fucking what".

      Also, clickbait. "We'll report on anything that creates attention these days." - Professional Attention Whore

  • The lesson (Score:4, Interesting)

    by LatencyKills ( 1213908 ) on Monday June 14, 2021 @08:33AM (#61485676)
    The lesson here is one that all companies should take. Not to go out and find the guys and break kneecaps, but to be prepared to restore your systems yourself from backups. From TFS, 99% of their systems were restored from archival backup. Why on earth would you pay millions for 1% of what's on your system? If you would pay millions, than I would think it wise to pay a few hundred grand up front to make sure that 1% is backed up repeatedly and remotely.
  • My Company was hit in 2017. We didn't pay. We had secure off-site back ups of all of our important data. It took nearly a week to get everything up and going, and all of our older files are now dated 2017 (which can be a bit annoying sometimes, but not typically an issue), but we didn't have to pay a dime.

    We didn't pay a dime because we aren't stupid and we had off-site back ups. It's not that hard people.

  • They probably kept their server locked in a bathroom closet. No way to get hacked there. Oh wait.
  • Ransomware gang: "Lets make a bunch of work for a labor union and then charge them to to do the work better than they can!"

    "...wait, that didn't work? Don't these guys care about efficiency and deadlines? We definitely charged them less than it would take to fix it themselves, right?"

  • Of course they're not going to give any away to fellow extortionists.

    If only more entities would do the same then perhaps these jackals would find more productive work for their technology skills.

  • "Hey Paulie. I want you to tell me by next week about those ransomware jamokes."

    "I can tell you right now, boss. They sleep with the fishes."

  • What kind of advice is the FBI handing out to victims of crimes under their jurisdiction?

    Pay the hackers?

    What's next? Pay the blackmailers, bank robbers, utility companies?
  • people knew what they were talking about.

    It's been decades since the Mob controlled the Teamsters.

    And the Teamsters seem, unlike all the CEOs and capitalists, be more interested in protecting themselves, and security for some reason. Maybe because there's no big payout to the execs for *not* doing security and backups.

  • Sure would be a shame is something were to happen to it...

  • The Teamsters decided to rebuild their systems, and 99 percent of their data has been restored from archival material â" some of it from hard copies

    Interesting result...one could imagine an IT department desperate to rebuild aging systems, that would malware themselves just to gut buy-in on a total rebuild.

    Not saying that is what happened here, just that you could imagine that being a possibility at some point for some companies. It might make for a good book anyway...

    Kudos to the Teamsters IT for bei

  • These people don't use technology like most companies, deals are made on golf courses and restaurants. When the bosses heard they wanted $$ they probably just said fuck off.
    • They had secure backups that worked, the data was encrypted and they didn't expose any information, they only contacted the FBI to catch the criminals, they didn't need their data back as they had not lost anything but time

  • This is one of the reasons you have Secure Offsite backups ... ...if it is cheaper and simpler to pay the ransom you either don't have secure backups at all or they are too expensive or not being done right ...

Fast, cheap, good: pick two.

Working...