The October 2023 cyberattack against Estes Express Lines was indeed ransomware, but the company has paid no ransom demand as yet.
The company confirmed the news in an email recently sent to affected customers, The Register reports.
As per the email, sent to roughly 21,000 people, threat actors accessed the company’s IT infrastructure on October 1, 2023, and managed to deploy ransomware. “In accordance with the standard recommendation of the FBI and financial regulators, Estes did not pay the ransom,” the letter reads.
The company also filed a data breach notification with the Maine Attorney General, in which it says that criminals stole names, Social Security Numbers, and “other personal identifiers”. The Register speculates that threat actors exfiltrated more than this due to “blank text in the letters”.
Estes did not share additional details, including the identity of the attackers, how they managed to compromise the company endpoints (via malware or social engineering), what types of data they stole, whose data that was, or what the ransom demands were. However, operators of the infamous LockBit ransomware have claimed responsibility for the attack, and said they leaked data stolen from the company.
Since the attack, Estes notified the police and other law enforcement agencies and managed to “completely” restore its system capabilities. The FBI is currently investigating the matter, it said.
Estes states that it’s “not aware of any identity theft, fraud, or financial losses resulting from this incident,” and adds that it will give affected customers 12 months of free identity monitoring via Kroll.
Estes Express Lines is a privately owned American freight transportation provider based in Richmond, Virginia. Founded in 1931 by W. W. Estes, the firm continues to be owned and operated by the Estes family. As the largest privately held less-than-truckload (LTL) firm in the United States, the company boasts roughly 20,000 employees, more than 6,700 tractors and 30,000 trailers, and a network of over 240 terminals.