Internal email confirms ransomware; comes after Maersk Line was hit by NotPetya
A ransomware attack has crippled the US network of Chinese shipping giant COSCO, with the Chinese ocean shipping company’s US website and email both locked down.
COSCO have released a statement confirming that they are experiencing issues: “Due to local network breakdown within our America regions, local email and network telephone cannot work properly at the moment.”
“For safety precautions, we have shut down the connections with other regions for further investigations,” they added.
An internal email seen by maritime intelligence company Lloyd’s List confirmed it was a ransomware attack, the company’s Chichen Shen reported.
Systems in COSCO’s Chinese headquarters and offices outside the US were not affected. COSCO recommended that US-related clients submit booking requests, shipping instructions and amendments using the e-commerce service on its website.
“Some parts of your emails may be missed or delayed. Please keep tracing your shipment via ‘cargo tracking’ at our official website,” the company said.
It said it was assessing the incident and taking measures to minimise the impact on business. The attack comes a year after Maersk Line suffered a NotPetya ransomware attack that cost the Danish carrier up to $300 million.
Fleet is Fine: “So Far”
“So far, all the vessels of our company are operating as normal”, the company added.
While COSCO have only said it is a “local network breakdown”, it is widely believed by industry watchers to be a ransomware attack.
The fact that the company is warning its employees in regions outside of the Americas not to open email attachments seems to give weight to this speculation.
David Emm, Principal Security Researcher at Kaspersky Lab, told Computer Business Review that: “We know that ransomware attacks can have a huge impact on businesses.
“This became clear in the wake of last year’s WannaCry and ExPetr ransomware attacks. Maersk, for example, reported a $300 million loss in the wake of ExPetr, showing just how devastating the financial consequences can be.”
“Ransomware attacks can be executed using social engineering techniques – for example, phishing emails with links or attachments – or by using exploits in widely-used software.”
“This can have a devastating impact on a business – where one compromised device can form a bridgehead for the malware to spread across the corporate network, or where the company can be compromised through its supply-chain,” he added.
Javvad Malik, security advocate at AlienVault, told us in an emailed statement that: “Ransomware continues to wreak havoc within companies.”
“It’s unclear whether this was a targeted or casual attack, but employees should be trained to be able to recognise suspicious emails and not click on links; or have an easy-to-escalate route where they are unsure as to whether an email is malicious or not.”
“COSCO was wise to segregate the infected network from the rest of the networks in order to prevent further spread. It’s important for companies to have a recovery and response plan prepared in advance so that business functions can be resumed quickly.”
At the time of writing, cosco-usa.com, the shipping company’s main website for the American market, is still experiencing downtime.
Customers have been informed that they cannot contact the company via any electronic means. The phone network is still operational, but users will experience severe delays.
The shipping company said in their statement that: “So far, all the vessels of our company are operating as normal, and our main business operation systems are performing stably. We are glad to inform you that we have taken effective measures.”
“Except for above regions affected by the network problem, the business operation within all other regions will be recovered very soon. The business operations in the affected regions are still being carried out, and we are trying best to make a full and quick recovery.”
COSCO operates a global fleet of 1114 vessels with a capacity of 85.32 million DWT, making it the world’s largest for DWT. Its container fleet capacity is 1.58 million TEU, making it the fourth in the world.