Japan’s biggest port, the Port of Nagoya, has been shut down after a cyberattack by the LockBit ransomware gang. The Russian cybercriminals have been on a crime spree this week, claiming ten new victims in the last five days.
The port has been out of action since yesterday morning, when the problem was discovered, operator Nagoya Harbour Transportation Authority (NHTA) said. Automaker Toyota is among the major Japanese companies to have been hit by disruption as a result of the breach.
LockBit hits ten victims including the Port of Nagoya
The attack was discovered at 6.30am on Tuesday morning, when an employee at the NHTA was unable to access the Nagoya United Terminal System (NUTS), the computer system used to operate the port’s five cargo terminals.
A ransom note produced by the office printer confirmed that the port had fallen victim to a ransomware attack at the hands of LockBit 3.0, the latest iteration of the notorious hacking gang. The value of the ransom demand has not been disclosed.
NHTA officials have said they expect the port to be fully operational by Thursday morning, but as it handles 10% of Japan’s total import and export trade, a two-day closure is likely to have significant knock-on effects.
Toyota, which uses the port to import and export components, says it will “closely monitor any impact on production while carefully examining the parts inventory”, adding that it holds sufficient inventory to mitigate any issues.
This is the second time the Port of Nagoya has been attacked. Last September, the harbour was hit by a large Distributed Denial of Service (DDoS) attack where NUTS was down for almost an hour. Another Russian gang, Killnet, came forward as the perpetrator of the DDoS attack.
This should have been a warning sign to the NHTA that its system needed a cybersecurity overhaul, explains Tom Lysemose Hansen, CTO and co-founder of security vendor Promon. “What’s the old saying? ‘Fool me once, shame on you. Fool me twice, shame on me’,” he says. “It seems, despite this becoming somewhat of a regular occurrence, the lesson still hasn’t been learnt and security isn’t a top priority for the port.”
He adds: “I fear that if this is seen to be a successful attack, it will only lead to further cases of ransomware targeting the maritime sector in the near future.”
The other new LockBit victims
The Nagoya Harbour Transportation Authority is just one of the ten companies hit so far in LockBit’s five-day ransomware crime spree.
Today, three businesses were posted to the gang’s dark web victim blog, namely MITRE, a technical consultant from Thailand, Euro Support in the Netherlands and the Spanish organisation Reclam Laser.
All three companies have been given until July 19 to commence negotiations before sensitive data is leaked onto the dark web. Euro Support has been given the largest ransom, of $699,000, followed by Recal Lasar, which has been issued with a $349,000 ransom. There is no ransom on MITRE’s post, just a clock, counting down.
Other victims in the last five days include Italian machinery and equipment firm Blowtherm, which has been given a deadline of July 17 and a ransom of $140,000. An oil and gas company in Canada and a Spanish mining company have also been hit, but their details have not yet been released into the public domain.
Last week, LockBit also hit the world’s leading semiconductor manufacturing company TSMC, claiming to have stolen the company’s data by breaching a supplier. TSMC has been issued with a ransom of $70,000,000 and a deadline of August 6 by which to comply.