View all newsletters
Receive our newsletter - data, insights and analysis delivered to you

Japan’s Port of Nagoya paralysed in LockBit’s latest ransomware rampage

Japan's biggest harbour has been paralysed by LockBit's latest hack. It brings the group's victims to 10 in five days.

By Claudia Glover

Japan’s biggest port, the Port of Nagoya, has been shut down after a cyberattack by the LockBit ransomware gang. The Russian cybercriminals have been on a crime spree this week, claiming ten new victims in the last five days.

Nagoya Harbour Transport Authority hit by devastating cyberattack at the hands of LockBit 3.0. (Photo by TungCheung/Shutterstock)

The port has been out of action since yesterday morning, when the problem was discovered, operator Nagoya Harbour Transportation Authority (NHTA) said. Automaker Toyota is among the major Japanese companies to have been hit by disruption as a result of the breach.

LockBit hits ten victims including the Port of Nagoya

The attack was discovered at 6.30am on Tuesday morning, when an employee at the NHTA was unable to access the Nagoya United Terminal System (NUTS), the computer system used to operate the port’s five cargo terminals. 

A ransom note produced by the office printer confirmed that the port had fallen victim to a ransomware attack at the hands of LockBit 3.0, the latest iteration of the notorious hacking gang. The value of the ransom demand has not been disclosed.

NHTA officials have said they expect the port to be fully operational by Thursday morning, but as it handles 10% of Japan’s total import and export trade, a two-day closure is likely to have significant knock-on effects.

Toyota, which uses the port to import and export components, says it will “closely monitor any impact on production while carefully examining the parts inventory”, adding that it holds sufficient inventory to mitigate any issues.

This is the second time the Port of Nagoya has been attacked. Last September, the harbour was hit by a large Distributed Denial of Service (DDoS) attack where NUTS was down for almost an hour. Another Russian gang, Killnet, came forward as the perpetrator of the DDoS attack.

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

This should have been a warning sign to the NHTA that its system needed a cybersecurity overhaul, explains Tom Lysemose Hansen, CTO and co-founder of security vendor Promon. “What’s the old saying? ‘Fool me once, shame on you. Fool me twice, shame on me’,” he says. “It seems, despite this becoming somewhat of a regular occurrence, the lesson still hasn’t been learnt and security isn’t a top priority for the port.”

He adds: “I fear that if this is seen to be a successful attack, it will only lead to further cases of ransomware targeting the maritime sector in the near future.”

The other new LockBit victims

The Nagoya Harbour Transportation Authority is just one of the ten companies hit so far in LockBit’s five-day ransomware crime spree.

Today, three businesses were posted to the gang’s dark web victim blog, namely MITRE, a technical consultant from Thailand, Euro Support in the Netherlands and the Spanish organisation Reclam Laser.

All three companies have been given until July 19 to commence negotiations before sensitive data is leaked onto the dark web. Euro Support has been given the largest ransom, of $699,000, followed by Recal Lasar, which has been issued with a $349,000 ransom. There is no ransom on MITRE’s post, just a clock, counting down.

Other victims in the last five days include Italian machinery and equipment firm Blowtherm, which has been given a deadline of July 17 and a ransom of $140,000. An oil and gas company in Canada and a Spanish mining company have also been hit, but their details have not yet been released into the public domain. 

Last week, LockBit also hit the world’s leading semiconductor manufacturing company TSMC, claiming to have stolen the company’s data by breaching a supplier. TSMC has been issued with a ransom of $70,000,000 and a deadline of August 6 by which to comply. 

Read more: Anonymous Sudan claims Microsoft data breach, says it will target Israel

Topics in this article :
Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.