COSCO reclaims systems within a week of ransomware attack
Chinese shipping giant COSCO said Monday it has fully reclaimed control over its IT infrastructure, after suffering a ransomware attack that left it without emails and telephones across the Americas.
The company said: “All communication channels including telephone, email, and electronic data exchange have been restored.”
It added: “We are working at full capacity to process all service requests received previously, and the service response is expected to be back on track within this week. The global networks of COSCO SHIPPING Lines are safe and stable, and our global business operations are steady and orderly.”
The company’s US website remained offline this morning, however, with an FAQ on the landing page saying “Under the premise of ensuring network security, www.cosco-usa.com has not yet open [sic] the application submitted through the website shall be temporarily submitted by mail (except VGM).”
“Customer service public email is back to normal except LA/LGB”, COSCO said, referring to emails for its services at the twin ports of Los Angeles and Long Beach, the second-busiest container port in the US.
The outage had left customers facing a frustrating wait to book in cargo as COSCO published contingency email addresses and attempted to keep freight moving.
As Computer Business Review reported Friday, the ransomware attack – confirmed in an internal email – had spread beyond its US network to the broader Americas, including Argentina, Brazil, Canada, Chile, Panama, Peru, and Uruguay.
The attack on the world’s largest shipping company by dry weight tonnage had taken out emails and phones, forcing it to publish a list of alternative Yahoo! email addresses.
An FAQ advisory for customers published on COSCO’s website had said it was unable to take specialist or hazardous cargoes, as maritime cybersecurity specialists Naval Dome warned IHS Fairplay that there was a risk of ship-based IT systems being breached.
COSCO said its UK websites, which remained down on Monday, had been closed to redirect customers to its global site instead.
No detail has leaked yet on the form of the COSCO ransomware, but the attack comes a year after Maersk Line suffered a NotPetya ransomware attack that cost the Danish carrier up to $300 million.
That attack forced the shipping company to install a completely new IT environment, including 4000 new servers, 45,000 new PCs and 2500 applications. COSCO said at the time it was unaffected by the attack despite its close relationship with Maersk and had “updated the patch and the virus database”. Cybersecurity experts have suggested a staffer fell victim to a spearphishing attack.