Teamsters was hit by ransomware in 2019, but refused to pay up

(Image credit: Shutterstock / binarydesign)

When the International Brotherhood of Teamsters, more widely known simply as Teamsters, was targeted by ransomware back in 2019, the US and Candian labor union simply refused to pay, new reports have revealed.

Asked for $2.5 million, Teamsters decided to simply rebuild its entire network instead of caving in to the demands of the attackers, NBC News reported, based on details shared by anonymous sources.

The sources familiar with the previously unreported attack claim that back then even the Federal Bureau of Investigation (FBI) advised the union to just pay the ransom, a far cry from its current stance.

When Teamsters officials alerted the FBI and asked for help in identifying the source of the attack, they were informed that theirs wasn’t an isolated incident and that the bureau had their hands full.

"They said 'this is happening all over D.C. ... and we’re not doing anything about it,'" one of the three anonymous sources told NBC News.

No easy way out

The sources added that Teamsters officials initially bargained with the attackers over the dark web, negotiating the ransom down to $1.1 million.

However, unlike the FBI, the group was advised by its insurance company not to settle with the attackers, which is why they decided to restore their network from backup

An official Teamsters spokesperson told NBC News that the perpetrators only managed to lock one of the union's two email systems along with some other data, though personal information for its millions of active and retired members was never compromised. 

The spokesperson added that while Teamsters was able to restore virtually all of its data from backups, some of it had to be imported from hard copies. 

Tip of the iceberg

Those were simpler times, and ransomware gangs hadn’t learned the art of double extortion. 

No data was exfiltrated and there were no threats of leaks. If a victim refused to pay, the threat actors would chalk it up to experience and simply move on to their next target. 

However, the revelation once again highlights how many organizations simply don’t share details about the attacks. 

If it wasn’t for Avaddon releasing the decryption keys for their victims, we wouldn’t have found out that the group attacked 2934 targets, a staggeringly large number compared to the mere 88 reported victims.

Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.