Chinese shipping giant COSCO said a ransomware attack has spread beyond its US network to the broader Americas, including Argentina, Brazil, Canada, Chile, Panama, Peru, and Uruguay.
That’s according to maritime intelligence house Lloyds List, which has reported that customers were also said to be facing issues in the UK and Turkey.
The attack on the world’s largest shipping company by dry weight tonnage has taken out emails and phones, forcing it to publish a list of alternative Yahoo! email addresses.
Switches to Yahoo! No Hazardous Bookings
In a separate statement on Thursday, COSCO said it had taken proactive measures to isolate internal networks to carry out technical inspections on a global scale, adding that affected network applications beyond the Americas had been recovered on Wednesday afternoon.
An FAQ advisory for customers published on COSCO’s website said that all vessels were operating normally and that bookings were still being taken (via Yahoo! email and its http://elines.coscoshipping.com/ebusiness website) with the caveat that it could no longer take specialist or hazardous cargoes.
“We regret to inform you that we will temporarily suspend taking HAZ and OOG booking during the network breakdown period”, it said though, referring to hazardous cargoes and “out of gauge” or non-standard sized cargoes.
Maritime cybersecurity specialists Naval Dome told IHS Fairplay: “Although COSCO has been quick to respond to this hack, the virus may have been dormant for some time, so I would not be surprised if other systems – shore- and ship-based systems – have been breached. We strongly recommend to whoever discovered the attack to thoroughly verify the breach has been contained and has not infected any ships in the COSCO fleet.”
COSCO Ransomware: Lessons from Maersk?
No detail has leaked yet on the form of the COSCO ransomware, but the attack comes a year after Maersk Line suffered a NotPetya ransomware attack that cost the Danish carrier up to $300 million.