A shipping giant is likely to run up in millions of dollars of additional costs after a ransomware attack apparently crippled its US network.
The attack was against COSCO (China Ocean Shipping Company), which is a Chinese owned shipping giant.
It comes after its larger shipping rival Maersk admitted in August 2017 that its operations had been impacted by the NotPetya ransomware attack. Indeed, so serious was that particular attack, that Maersk said it suffered between $200m to 300m financial loses as a result.
And while Cosco is a smaller entity than Maersk, the loss of operational infrastructure is likely to cause it financial hardship.
Cosco blamed a ‘local network failure’ for the outage of its US network.
“Due to local network breakdown within our America regions, local email and network telephone cannot work properly at the moment,” the firm said in a press release. “For safety precautions, we have shut down the connections with other regions for further investigations.”
But according to Bleeping Computer which quoted internal emails seen by several maritime news sites, the company has referred to the incident as a ransomware infection.
Cosco did not respond to Bleeping Computer but the firm has apparently warned its staff not to open suspicious emails.
Instead staff are using public Yahoo email accounts to answer customer questions.
It is reported that the incident took place on Tuesday 24 July and has impacted the company’s American Region IT infrastructure, including email servers and telephone network. The company’s US website was also knocked offline.
The company’s US employees have resorted to using to answering customer problems reported via social media.
The type of ransomware attack is not known, but there is likely to be a financial impact.
“The costs from a loss of operational capability to Maritime organisations has been shown to run into the hundreds of millions of dollars in a matter of days,” explained Andy Norton, director of threat intelligence at Lastline.
“Ransomware with worm like features have demonstrated a vulnerability in many sectors of business,” said Norton. “Perhaps it is a business necessity that shipping organisations have a relatively open network, that would allow the fast propagation of a worm. If this is the case the dynamic analysis of objects entering the environment would highlight the malicious propagation behaviours and offer risk mitigation against this type of attack.”
Another expert pointed out that staff have to be trained properly to recognise suspicious emails.
“Ransomware continues to wreak havoc within companies,” said Javvad Malik, security advocate at AlienVault. “It’s unclear whether this was a targeted or casual attack, but employees should be trained to be able to recognise suspicious emails and not click on links; or have an easy-to-escalate route where they are unsure as to whether an email is malicious or not.”
“Similarly, it’s important to have good threat detection and response controls in place so that any attack can be dealt with swiftly,” Malik said. “Cosco was wise to segregate the infected network from the rest of the networks in order to prevent further spread.”
“It’s important for companies to have a recovery and response plan prepared in advance so that business functions can be resumed quickly,” he concluded.