Cyber Incident Victim: Apex Capital Corp.

Date: Jul 2022

Location: United States of America

Summary

A ransomware attack attributed to the BlackByte group disrupted operations at a financial services provider and its fuel subsidiary, causing system outages that initially prevented clients from accessing factoring services and fuel purchasing platforms. The attackers demanded payments ranging from $5,000 for 24-hour data release delays to $300,000 for purported data destruction, while also offering third parties access to stolen information for $200,000. Following restoration efforts, systems resumed with limited functionality, though the company declined to confirm potential data compromise. The incident impacted small trucking businesses reliant on the provider's financial tools, temporarily hindering fund access and fuel transactions. BlackByte, previously flagged in a joint FBI and Secret Service advisory, employs evolving extortion tactics including time-sensitive ransom options and potential data resale to third parties.

Description

On or around July 25, 2022, Apex Capital Corp. and its subsidiary TCS Fuel experienced a ransomware attack that disrupted their computer systems, initially described by company president Chris Bozek as an "unplanned system outage." Two days later, Bozek confirmed the incident involved malware infection. The BlackByte ransomware gang claimed responsibility for compromising the Fort Worth, Texas-based financial services provider's operating systems, which subsequently forced TCS Fuel's network offline. The attack prevented small-business truckers from accessing Apex's factoring services and TCS Fuel's discount fuel card systems, disrupting their ability to process payments, fuel trucks, or pay owner-operators.

By July 30, Apex restored limited functionality to its client portal (AMP), mobile applications, and TCS Fuel's platforms. Full network operations resumed by August 1, according to Chief Product and Marketing Officer Sherry Leigh, who declined to confirm whether hackers exfiltrated data. BlackByte publicly listed ransom terms on Twitter: $5,000 for a 24-hour delay in data release, $300,000 for purported data destruction, and $200,000 for full data access. A rival factoring company temporarily offered to receive stolen data via Twitter before deleting the post. The FBI and U.S. Secret Service had previously warned in February 2022 that BlackByte targeted Windows systems via ransomware-as-a-service, employing evolving tactics like allowing third-party payments for data access. Emsisoft threat analyst Brett Callow noted potential operational overlaps with the Conti ransomware group but emphasized affiliates could be geographically dispersed. The incident impacted Apex’s core services for small-to-medium trucking companies, including accounts receivable factoring and fuel purchasing, though operational continuity was restored within one week.
