Naked Security Naked Security

Nerves jangled by new ransomware attack on shipping giant

The US network of one of the world’s largest shipping companies, COSCO (China Ocean Shipping Company), has been hit by a disruptive ransomware attack.

It’s an attack that will make many in the shipping industry feel very nervous for the second time in a year – the US network of one of the world’s largest shipping companies, COSCO (China Ocean Shipping Company), has been hit by a disruptive ransomware attack.
So far, the company has downplayed the incident, referring to it initially on 25 July as a “network breakdown”, elevated some hours later to the more specific “network security problem.”
The later statement said that the attack started in the Americas, which caused the company to isolate this region from the other parts of its global system:

As of now, all business operations have been back to normal in the regions with recovered networks.

The company’s US website and telephone network were reported to be down in an incident that centred on its Long Beach terminal.
According to shipping news sites that claim to have seen internal emails, the cause of the trouble was a ransomware attack which had prompted COSCO to tell its employees not to open suspicious emails.
This fits with a company statement that mentioned that “local email and network telephone cannot work properly at the moment”.


The whole sector has been on the lookout for this kind of incident since last year when industry behemoth Maersk reportedly lost hundreds of millions trying to combat the effects of the 2017 NotPetya attacks.
NotPetya affected a lot of other companies too – and not everyone was convinced its motive was straightforward ransomware to start with – but the huge financial losses suffered by the shipping giant showed the vulnerability of the industry to the worst-case scenario.
Fortunately COSCO’s attack doesn’t appear to be as serious, primarily disrupting its US email and phone networks. Its fleet of ships is operating normally.
One lesson from the Maersk experience was that mitigating an attack once it has started won’t be quick, or cheap.
One industry site described what is unfolding at COSCO as being a “proxy for the entire industry.” A sort of test case to see how well a big name in a sensitive industry can handle what amounts to a form of 21st century digital piracy.
In most industries, cyberattacks are seen as a routine hazard of running a business. For shipping companies however, those days have long gone – there is nothing routine about the damage such attacks can cause.