Welsh haulier Owens Group has suffered a major cyber attack, according to claims made on the dark web by LockBit ransomware group, which uses malicious software designed to block access to computer systems in exchange for a ransom payment.

The cyber attack on Owens Group follows a similar attack on KNP Logistics in June this year, which contributed to KNP having to call in the administrators in September.

News of the attack on Owens Group first emerged last week when LockBit posted a notice on its dark web portal, stating that it had gathered 710 GB of the Llanelli-based company’s data relating to the company’s finance, employees, and clients.

LockBit’s post was published on X (formerly known as Twitter) by FalconFeed, a company that monitors cyber security threats.


Source: Owens Group

FalconFeed’s screenshot of LockBit’s dark web page shows a list of data gleaned by LockBit’s malware. It includes finance-related information including “budget, audit, cash flow, balance sheet, P&L, tax returns, project calculations, YTD reports for all companies, bank statements and many other financial documents.”

Also listed is employee data, including lists with NI, DL, UTR Numbers, residential addresses, telephone, e-mail, passport scans, DOB, contracts, information about salaries, bonuses, starter form with personal data, and other confidential data. It also includes lists of drivers with personal data like DL and ID numbers.

LockBit also claims to have harvested a customer database with addresses, phone numbers, payment information, delivery addresses, NDA, contracts, mail correspondence, working documentation of operational activities, projects, incidents, and other internal documents.

Owens Group is one of three companies LockBit revealed as its latest victims on the post. However it appears that the Welsh family firm had breached its deadline to pay the ransom, as, unlike the other two companies, LockBit states in bold red lettering under its post about Owens Group that its data has been shared.

According to FalconFeed, Owens Group was also targeted by ransomware group Hunters International earlier last week. Hunters had posted on its dark web portal that Owens Group, along with Singapore-based DrilMaco and Mexican firm Idesa Group, were its latest victims. Hunters has links to the now defunct Hive ransomware group, which was dismantled through a coordinated international law enforcement operation in January this year.

A request for comment from Owens Group has yet to receive a response and the company’s website, whilst functioning, has a message saying the website is “currently undergoing maintenance to enhance your online experience with us.”

A major ransomware attack on KNP Logistics in June this year played a central role in the company’s demise. The company, which included subsidiaries Knights of Old, Nelson Distribution, Steve Porter Transport and Merlin Supply Chain Solutions, was forced to call in administrators FRP Advisory in September, after suffering the malware attack.

FRP Advisory said at the time that the cyber attack had hit key systems, processes and financial information and “adversely impacted” on the group’s financial position and its ability to secure additional investment and funding.

Nehal Thakore, Bosch CyberCompare UK country head, warned this week that logistics companies are vulnerable to cyber attacks. He told MT: “Recent news has shown that logistics, haulage and supply chain companies have increasingly become the hacker’s choice of business to target.

“These industries are extremely complex and often with multiple parts. Managing this complexity in a landscape constantly in flux can leave gaps of vulnerability within logistics, haulage and supply chain companies when it comes to protecting their assets, giving hackers the upper hand when searching for weaknesses and leading them to implementing ransomware attacks.

“As we’ve seen, these attacks cost businesses millions in lost revenue, result in job losses and reputational damage, trigger a collapse of consumer confidence and cause business closures in extreme circumstances.

He added: “Through its work with clients, CyberCompare has identified similar issues within the logistics, haulage and supply chain industries when analysing their security architecture for weaknesses.

“Increasingly sophisticated cyber threat capabilities now mean it is business-critical that companies are prepared for changing attacks. Being prepared is the cornerstone of robust cybersecurity, and these sectors have proven they have the ability to adapt and be prepared for new challenges.

“By combining independent and expert advice, with adept cybersecurity systems, haulage and logistics companies can stay ahead of new threats and improve the efficiency of their operations, leaving them in a much stronger position with their security posture and giving them the confidence that they are fully prepared for any imminent attacks that may come their way.”