Chinese shipping giant COSCO was recently struck with a ransomware strain which crippled its U.S. operations. The malicious code also spread to infect the company’s systems in other countries such as Argentina, Brazil, Canada, Chile, Panama, Peru, and Uruguay.
It just goes to show how much devastation a single breach can cause, even for the world’s largest shipping company by dry weight tonnage.
The attack took down the company’s communication network – specifically, phone and email lines – which are vital for a company that deals in trade.
The type of ransomware that infected the company’s network is still unknown, with COSCO offering up scant details. The company has not responded to multiple requests from sites like Bleeping Computer.
The company’s US employees had to resort to using public Yahoo email addresses to answer customer problems which flooded in via social media. Security experts advised that COSCO might not be out of the woods yet.
“Although COSCO has been quick to respond to this hack, the virus may have been dormant for some time, so I would not be surprised if other systems – shore- and ship-based systems – have been breached,” Maritime cybersecurity specialists Naval Dome said
“We strongly recommend to whoever discovered the attack to thoroughly verify the breach has been contained and has not infected any ships in the COSCO fleet.”
“Incident response is a challenging field — if services are restored quickly, it’s legitimate to ask why they were impacted in the first place,” Asavie head of solutions Keith O’Byrne said.
“Equally, there is the question as to whether malware or infection has been truly purged. InfoSec teams can face huge pressure to ‘just get it back working’.”
A.P. Møller-Maersk, another massive shipping firm, were infected with ransomware as well last year. It was one of the NotPetya ransomware’s largest victims.