Teamsters refused to pay a ransomware attack in 2019

The Teamsters labor union was hit with a ransomware attack in 2019 but refused to pay the seven-figure payment demanded by hackers, despite being advised by the FBI to do so, a Teamsters spokesperson confirmed to The Hill. 

The cyberattack, which was first reported by NBC News on Friday, occurred over Labor Day weekend and was not previously revealed to the public. 

The Teamsters spokesperson who spoke to The Hill declined to comment beyond what was included in NBC’s article. 

NBC reported that attackers had demanded $2.5 million in exchange for restoring the union’s access to its electronic files, which included the personal information of millions of active and retired members. 

However, a Teamsters spokesperson told NBC that only one of the union’s two email systems was frozen, and no personal information was compromised. 

“They locked down the entire system and said if we paid them they would give us the encryption code to unlock it,” one of the sources told NBC. 

Each of the sources spoke on the condition of anonymity because they were not authorized to publicly speak on the matter. 

The people told NBC that they had alerted the FBI to the attack, and that the agency said it would not be able to assist the union in identifying and pursuing the hackers. 

Instead, one source said the FBI told union officials to “just pay it.” 

“They said ‘this is happening all over D.C. … and we’re not doing anything about it,’ ” another person told NBC. 

Ultimately, the union decided not to pay the ransom based on advice from its insurance company, and instead rebuilt its systems based on archived materials, NBC reported. 

News of the nearly two-year-old incident comes amid a series of recent high-profile ransomware attacks across the country. 

The FBI told The Hill that it did not have any comments specifically on the Teamsters hacking incident, but pointed to its policy of traditionally advising against ransomware payments.

The FBI said on its website that paying a ransom “doesn’t guarantee you or your organization will get any data back,” and also “encourages perpetrators to target more victims and offers an incentive for others to get involved in this type of illegal activity.” 

NBC’s report came the same day Rep. Carolyn Maloney (D-N.Y.), chairwoman of the House Oversight and Reform Committee, asked JBS USA chief executive Andre Nogueira to provide an explanation on why the meat processing company paid $11 million to a Russian criminal group following a ransomware attack earlier this year. 

The attack followed a similar one against Colonial Pipeline, which forced a halt to production that induced panic buying and a gas shortage across the East Coast. 

Colonial CEO Joseph Blount confirmed that the company paid the equivalent of $4.4 million in bitcoin to end the hack.

This story was updated at 6:04 p.m.