Freight company Estes Forwarding Worldwide yesterday confirmed it notified victims, including customers and employees, of a May 28, 2025 cyber attack.
Ransomware gang Qilin took credit for the attack on June 23, 2025. To prove its claim, the cybercriminal group posted sample images of what it says are documents stolen from Estes. They include passport scans, driver’s licenses, and spreadsheets.
Estes has not verified Qilin’s claim. We do not yet know what data was compromised, how many people Estes has notified, if Estes paid a ransom, how much Qilin demanded, or how attackers breached Estes’ network. Comparitech contacted Estes Forwarding Worldwide for comment and will update this article if it replies.
“We wish to inform our valued customers, partners, and employees that our company experienced a cyber event on or about May 28,” CEO Scott Fisher said in an email obtained by FreightWaves. “We want to assure you there was no significant disruption to our business. Thanks to our robust cybersecurity protocols, system redundancies, and the swift response of our IT team and third-party security experts, we were fully operational within hours. We are grateful for the support of our parent company Estes Express Lines throughout this incident. Neither Estes LTL nor Estes Logistics were impacted by this event.”
This isn’t the first ransomware attack to hit Estes. In September 2023, ransomware gang LockBit took credit for an attack on the parent company of Estes Forwarding Worldwide, Estes Express Lines. Estes notified 21,184 victims of the resulting data breach, which compromised Social Security numbers among other data.
Who is Qilin?
Qilin is a ransomware gang that began claiming responsibility for attacks on its data leak site in late 2022. Based in Russia, Qilin mainly targets victims through phishing emails to spread its ransomware. It launched in August 2022 and runs a ransomware-as-a-service business in which affiliates pay to use Qilin’s malware to launch attacks and collect ransoms.
Qilin has claimed responsibility for 39 confirmed ransomware attacks and made an additional 267 unconfirmed attack claims that haven’t been publicly acknowledged by the targeted organizations.
In March 2025, Qilin took redit for an attack on Kuala Lumpur International Airport in Malaysia.
In the past month alone, Qilin claimed responsibility for attacks on:
- Bruckner’s Truck & Equipment (USA)
- ASEFA Seguros (Spain)
- Skeggs Goldstein (Australia)
- Palawan MMG Cooperative Hospital (Philippines)
- Nipro Medical Corporation (USA)
Ransomware attacks on US transportation
In 2024, Comparitech researchers logged 17 confirmed ransomware attacks on US transportation businesses. In 2025, ransomware groups have made 78 such claims, but Qilin’s attack on Estes has been confirmed.
Some of last year’s ransomware attacks on US transportation include:
- Genpro notified 1,378 people of a September 2024 data breach claimed by BlackSuit
- Max Trans notified 2,200 people of a November 2024 data breach claimed by Play
- Biagi Bros notified 2,696 people of a December 2024 data breach claimed by Cactus
Ransomware attacks on US transportation can both steal data and lock down computer systems. Infected companies must pay a ransom or face extended downtime, data loss, and putting customers at increased risk of fraud. For transportation companies and their customers who rely on timely delivery, these attacks can be devastating.
About Estes Forwarding Worldwide
Estes Forwarding Worldwide is a Richmond, Virginia-based freight forwarder. It employs more than 1,000 people in offices across the United States.
Estes Forwarding Worldwide is a subsidiary of Estes Express Lines, a chain trucking company providing shipping services. External sources say Estes Express Lines employs about 20,000 people and is the largest less-than-truckload (LTL) company in the USA.
Source link
-
-
-
-
-
-
-
- Casibom – Casibom casino Yeni Giri Adresi – Casibom Giri Gncel.969
