COSCO Ransomware Spreads, Hazardous Cargo Bookings Cancelled

Chinese shipping giant COSCO said a ransomware attack has spread beyond its US network to the broader Americas, including Argentina, Brazil, Canada, Chile, Panama, Peru, and Uruguay.

That’s according to maritime intelligence house Lloyd’s List, which also reported that customers were said to be facing issues in the UK and Turkey.

The attack on the world’s largest shipping company by dry weight tonnage has taken out emails and phones, forcing it to publish a list of alternative Yahoo! email addresses.

Switches to Yahoo! No Hazardous Bookings

In a separate statement on Thursday, COSCO said it had taken proactive measures to isolate internal networks to carry out technical inspections on a global scale, adding that affected network applications beyond the Americas had been recovered on Wednesday afternoon.

An FAQ advisory for customers published on COSCO’s website said that all vessels were operating normally and that bookings were still being taken (via Yahoo! email and its http://elines.coscoshipping.com/ebusiness website) with the caveat that it could no longer take specialist or hazardous cargoes.

“We regret to inform you that we will temporarily suspend taking HAZ and OOG booking during the network breakdown period”, it said, referring to hazardous cargoes and “out of gauge” or non-standard sized cargoes.

Maritime cybersecurity specialists Naval Dome told IHS Fairplay: “Although COSCO has been quick to respond to this hack, the virus may have been dormant for some time, so I would not be surprised if other systems – shore- and ship-based systems – have been breached. We strongly recommend to whoever discovered the attack to thoroughly verify the breach has been contained and has not infected any ships in the COSCO fleet.”

COSCO Ransomware: Lessons from Maersk?

No detail has leaked yet on the form of the COSCO ransomware, but the attack comes a year after Maersk Line suffered a NotPetya ransomware attack that cost the Danish carrier up to $300 million.

That attack forced the shipping company to install a completely new IT environment, reverting to manual processes for 10 days in the outright absence of global IT systems.

AP Moller-Maersk’s chairman, Jim Hagemann Snabe, revealed the full extent of damage caused by the infection at the World Economic Forum in Switzerland earlier this year.

“We basically found that we had to reinstall an entire infrastructure,” Snabe said.

“We had to install 4000 new servers, 45,000 new PCs, 2500 applications, and that was done in a heroic effort over 10 days.”

One can only hope that COSCO has a robust, air-gapped backup facility.

This article is from the CBROnline archive: some formatting and images may not be present.

CBR Staff Writer

CBR Online legacy content.