Expeditors shuts down global operations after likely ransomware attack

Seattle-based logistics and freight forwarding company Expeditors International has been targeted in a cyberattack over the weekend that forced the organization to shut down most of its operations worldwide.

With annual gross revenue of around $10 billion, Expeditors has 350 locations and over 18,000 employees worldwide, providing critical logistics solutions for its customers. Its services include supply chain, warehousing and distribution, transportation, customs and compliance.

The company does not mention the type of cyberattack but from its description and an anonymous tip to BleepingComputer, it looks like a massive ransomware incident.

If you have first-hand information about this or other unreported cyberattacks, you can confidentially contact us on Signal at +16469613731.

Widespread cyberattack

At 9:20 AM EST Sunday morning, BleepingComputer received an anonymous tip saying that Expeditors suffered a large ransomware attack.

While we could not independently verify the attack, soon after Expeditors published a short notification at around noon (EST time) on Sunday announcing a global systems downtime after shutting down operations due to a targeted cyberattack.

“Systems may be unavailable during this time, as we assess and stabilize, the safety of our global environment, backup procedures are being implemented” – Expeditors International

In a subsequent press release on Sunday night, the company reiterated that the cyberattack forced it to shut down most of its operating systems globally, to maintain “the safety of our overall global systems environment.”

The impact is significant, as Expeditors is limited in its operations, which include freight, customs, and distribution activities, which could cause shipments of its customers to stagnate.

Systems will continue to be offline until they can be securely restored from backups, the company notes.

At the same time, the company is looking for solutions with its carriers and service providers to minimize the impact on customers. However, there is no estimation of when operations will resume.

A global team of cybersecurity experts is currently investigating the attack and helping the business restart activity.

Although Expeditors did not mention the nature of the incident, they were likely hit by ransomware, as shutting down operations globally and restoring them from backups is usually a course of action prompted by network-wide encryption.

The company says that it will cover all expenses for investigating the cyberattack and for its remediation, which are expected to extend for a larger period.

Furthermore, Expeditors describes the incident as a “significant event” that “could have a material adverse impact on our business, revenues, results of operations and reputation.”

Although it cannot be estimated when Expeditors International’s business will return to normal, the company says that it will provide updates when it is “able to do so confidently.”