CSX has been the victim of a ransomware attack, which became apparent when screenshots of internal CSX files were posted to a "leak site" yesterday. CSX told FreightWaves that it recently discovered the attack, and the only data stolen, as far as they know, was personal data of CSX employees, both active and retired.
The software hacked is a file-transfer system known as Accellion, and government agencies and companies who still use this software were targets of in cyberattacks in December and January.
CSX said “To date, this incident has had no impact on business operations or our ability to serve our customers.”
As most readers know, ransomware is software placed in a computer system with which the hacker can steal data or, often, seize control of a computer system and not release the control until the victim pays the hacker money.
According to the FreightWaves report, a ransomware “gang” known as “Clop” has not told anyone how much CSX data it stole, pointing out that ransomware hackers often post some of what they’ve stolen slowly to maintain pressure on the victim to pay.
CSX has had little to say about the hack, but said it occurred because the Accellion software had a vulnerability that provided an opening for the hackers. Accellion software is 20 years old. CSX de-installed Accellion in January, and has moved to a new system for the work Accellion was doing.
A cybersecurity threat analyst warned that there could be a lot more attacks coming, as Clop and other ransomware gangs often stage attacks on the customers of the first large company hacked. The analyst, Brett Callow with Emsisoft a firm specializing in cybersecurity, warned that CSX customers should be on “high alert” for ransomware attacks.