Ransomware Hits Glacier Transit & Storage by Hunters International
Ransomware Attack on Glacier Transit & Storage by Hunters International
Glacier Transit & Storage (GTS), a family-owned logistics company based in Plymouth, Wisconsin, has fallen victim to a ransomware attack orchestrated by the cybercriminal group Hunters International. Established in 1955, GTS specializes in warehousing, distribution, and transportation services, with a significant focus on temperature-sensitive storage solutions. The company operates substantial warehousing capacity, including 13 million cubic feet of refrigerated space and 250,000 square feet of ambient storage, and caters primarily to the dairy and food sectors.
GTS is recognized for its commitment to customer service and operational excellence, maintaining an asset-based fleet certified by SmartWay for environmentally friendly logistics solutions. The company also offers specialized services such as inventory financing, cross-docking, and customized packaging, which have earned it a reputation for reliability and professionalism in the logistics industry.
Despite its strengths, GTS's reliance on digital systems for inventory management and logistics operations may have made it vulnerable to cyber threats. Hunters International, a Ransomware-as-a-Service (RaaS) group, has claimed responsibility for the attack, asserting that they have exfiltrated approximately 12 GB of sensitive organizational data from GTS's systems. This breach highlights the potential risks faced by companies in the logistics sector, where disruption can have significant operational and financial impacts.
Hunters International emerged in October 2023, leveraging code from the defunct Hive ransomware group. The group is known for its sophisticated double extortion tactics, which involve encrypting files and threatening to publish stolen data unless a ransom is paid. Their malware, developed in Rust, is designed for cross-platform targeting, making it adaptable to various enterprise environments.
The attack on GTS likely involved initial access through phishing campaigns or exploitation of remote services, followed by lateral movement within the network to exfiltrate data. Hunters International's ability to bypass advanced security measures and their use of custom malware like SharpRhino underscore the group's technical sophistication and the challenges faced by organizations in defending against such threats.