Press releases are provided by companies as is and have not been edited or checked for accuracy. Any queries should be directed to the company issuing the release.


Resilience360 Quantifies Impact of Ocean Carrier Cyberattacks

October 30, 2020

Recent cyber-attacks on ocean carriers have proven quite disruptive. Denmark’s Maersk Line incurred estimated damages of USD 300 million (EUR 253.81 million) due to the global ransomware attack it suffered in 2017. The latest attack on CMA CGM means that all the Big 4 shipping lines, including MSC and COSCO, have suffered recent disruptive cyber events. On October 1, the International Maritime Organization (IMO) also announced a cyber-attack against its IT systems, leading to disruptions in its public website and internal systems.

“Companies shipping by sea should remain vigilant of cyber intrusions that target shipping lines,” said Daniel Boccio, Supply Chain Risk Analyst, Resilience360. “Supply chain managers and IT professionals should collaborate on identifying the potential vulnerabilities and threats to their supply chains and should implement measures to increase resiliency and minimize the impact of such threats.”

On September 28, French container transportation and shipping company CMA CGM announced that it fell victim to a cyber-attack on its peripheral servers. The company has over 480 vessels, operating 200 shipping routes between 420 ports in 150 different countries. The attack led to limited IT availability across the group, sans CEVA Logistics, due to the company halting external access to applications to prevent the spread of the malware. The company later announced that it also suspects a data breach and the nature and the volume of the affected information.

Preliminary assessments of the attack on the company’s China offices conclude that it is the work of the Ragnar Locker ransomware. In operation since December 2019, this ransomware follows the typical stages of the Cyber Kill Chain, performing reconnaissance and exfiltrating sensitive information, which is to be returned in exchange for a ransom payment. The ransomware can be identified by the MD5 hash 6171000983CF3896D167E0D8AA9B94BA, which serves as the primary indicator of compromise (IoC) for the threat. It is delivered as an unsigned MSI package and is known to attack Windows systems via VirtualBox.

The ransomware’s peripheral device discovery feature allows it to spread rapidly to removable and mapped network drives, explaining CMA CGM’s decision to temporarily disable external features. Notably, the ransomware has a Unicode string comparison function that, when activated, prevents the ransomware from executing on computers using languages from the former Soviet Union, such as Belarusian, Azerbaijani, Ukrainian, Moldovan, Georgian, Armenian, Turkmen, Russian, Kyrgyz, Kazakh, Uzbek, and Tajik. Ragnar Locker was last seen attacking the EDP energy company in April 2020.

Given the ransomware’s peripheral device discovery feature, the company suspended its booking system to protect its customers. The suspension disrupted operations as employees lost access to internal e-mails and applications necessary to perform daily operations, with limited options for customer communications by phone. The company suspended access to electronic bookings through its websites and announced that all cargo booked before September 27 was secure; however, later bookings were yet to be processed. The company also asked customers either to call local offices or to make bookings through an external booking system.

Company services at Chinese offices in Shanghai, Guangzhou, and Shenzhen were reportedly disrupted, with container terminal managers stating that cargo loading operations were likely to be affected, but ultimately were not. Fortunately, sources at Hong Kong Port stated that CMA CGM maintained normal operations at both the container terminal and on its vessels. On September 30, the company announced that operations were gradually returning to normal, with improvements to bookings and documentation processing times as back-offices reconnect to the network. Moreover, the company assured customers that maritime and port activities are fully operational, with alternative and temporary processes available for bookings.

Ragnar Locker not only targets entities of considerable logistics and industrial importance, such as EDP and CMA CGM, but also exploits VirtualBox. This is indicative of a greater threat posed to companies employing virtualization, and to an extent, remote services. Such a threat is even more notable with the considerable quantity of remote workers this year due to the COVID-19 pandemic.

While technological recovery is quick, residual business disruptions are likely, especially regarding time-sensitive shipments.

https://www.resilience360.dhl.com/news/ransomware-attack-on-french-carrier-cma-cgm-disrupts-shipping-operations/
