Cybersecurity Threat: Geodis Thai Targeted by AlphaLocker Ransomware Attack

Incident Date:

April 18, 2024

World map



Cybersecurity Threat: Geodis Thai Targeted by AlphaLocker Ransomware Attack






Levallois-Perret, France

, France

First Reported

April 18, 2024

Ransomware Attack on Geodis Thai by AlphaLocker

Company Profile

Geodis Thai Company Limited, a subsidiary of the global logistics and transport leader Geodis Group, has been operational for over four decades. With a focus on freight forwarding and customs brokerage, the company is a significant player in the logistics sector in Thailand. Geodis Thai is known for its comprehensive range of services including air and sea freight, customs clearance, and industrial projects, making it a pivotal entity in facilitating international and domestic trade.

Cyber Attack Details

The ransomware attack on Geodis Thai was orchestrated by a group known as AlphaLocker, which operates under a ransomware-as-a-service model. This incident involved the encryption of critical data, specifically targeting SQL databases essential for the company's operations. The attack has compromised significant operational data, impacting the company's logistics and freight operations.

AlphaLocker's Modus Operandi

AlphaLocker, emerging in mid-2023, utilizes phishing emails with malicious attachments to deploy its ransomware. Once activated, the ransomware employs an asymmetric encryption algorithm to lock files, demanding a ransom for decryption keys held on remote servers. The group's low-cost and accessible ransomware model poses a significant threat, particularly to large organizations like Geodis Thai with extensive digital infrastructures.

Industry Impact and Vulnerabilities

As a major entity in the logistics and freight forwarding industry, Geodis Thai's extensive data and interconnected systems make it an attractive target for cybercriminals. The reliance on digital platforms for managing complex logistics operations exposes the company to heightened cybersecurity risks, particularly to ransomware attacks that can cripple critical operational data and infrastructure.


Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.