The network of shipping giant COSCO compromised by ransomware attack


Nowadays, ransomware attacks are no longer considered out of the ordinary; NotPetya and other threats of this kind that have raged in recent times readily come to mind. On June 26, the Chinese shipping giant COSCO became their latest victim, with its American network being crippled and both its website and email being taken offline as a result. The Chinese Ocean company has released a statement clarifying the issues it is experiencing: “Due to local network breakdown within our America regions, local email and network telephone cannot work properly at the moment.” The statement also says that “For safety precautions, we have shut down the connections with other regions for further investigations.”
The company’s Chichen Shen has reported that an internal email seen by maritime intelligence firm Lloyd’s List confirmed that the problems were caused by ransomware. It should be noted, however, that the US systems were not the only ones to suffer as a result of this attack. In total, COSCO has offices in 27 North American and South American countries, and the branches in Canada, Panama, Argentina, Brazil, Peru, Chile and Uruguay have also been compromised. As of yet, corporate email in the US, Canada, Panama and Peru is out of commission. Microsoft Hotmail email addresses are being offered as a way to get in touch with the company’s Canadian branch.

Current attack wasn’t global and hasn’t affected COSCO’s operations

Even though the attack caught many of its customers off guard, the firm is doing its best to remedy the situation and soften the effects for all involved. It is working on a solution to the issue and continues to conduct operations using remote access. The company warns about potential delays in service response and hopes for understanding from its clients. Its actions to rectify the problems were prompt: internal networks were quickly isolated so that technical inspections could be performed on a global scale. And even though the connections with other regions were shut down for safety while the situation is resolved, customers could still get in touch with the firm through social media or a Yahoo! email address. Communications haven’t stopped and all operations continue as usual, with the movement of ships, trains and trucks unaffected.
An interesting fact here is that this ransomware attack comes hot on the heels of COSCO taking over Orient Overseas Container Lines, one of its Asian rivals. Doing so let the company gain control of a large container facility located at the Port of Long Beach, which is North America’s second-busiest container port, coming only behind the Port of Los Angeles. The origins of the attack aren’t known at the moment, so no definitive statement can be made, but the timing of the attack is certainly curious and raises questions. Still, because COSCO has a separate terminal system, it can continue its business as normal. And, since the firm is state-owned and there are natural security concerns after what happened, it has guaranteed to put its large container terminal into a trust.

The attack comes after NotPetya wreaked havoc last year

Just last year, ransomware came under a huge spotlight after it was used to compromise Maersk, the world’s biggest shipping company. The results were far more disastrous than in the current case: Maersk was forced to make changes to its ships’ routing, and docking or unloading cargo ships became impossible for it in dozens of ports. The losses were estimated to be up to $300 million. Maersk’s CEO has also said that its engineers had to reinstall over 4,000 servers, 45,000 PCs, and 2,500 applications over a period of ten days in late June and early July 2017.
According to security researchers, putting miners on computers and using their resources to create cryptocurrency has become a new fad for cybercriminals. Still, that doesn’t mean they’re ready to abandon the means that were so beneficial to them not that long ago, so business owners should pay attention to their cybersecurity, organize classes that teach their personnel how to avoid potential sources of infection, and make certain that their security software is kept up to date. Many firms still fail to do so, which is one of the reasons why the number of successful attacks continues to rise. As far as the names of the viruses go, the ones used the most are Data Keeper, Satan, SamSam and Gandcrab.

COSCO’s reaction to the problem and general guidelines on preventing it

To its credit, COSCO has instructed its employees in other regions to refrain from opening emails that seem in any way suspicious and has also told its IT staff to check its internal networks with antivirus software. But the, which is the company’s primary American site, remains offline. It’s possible to contact it via the telephone, but callers should be prepared for significant delays in replies. COSCO operates a global fleet of 1.114 vessels with a capacity of 85.32 million DWT, making it the world’s largest for DWT. Its container fleet capacity is 1.58 million TEU, making it the fourth in the world. Since it’s possible for con artists to attack a firm of this magnitude, others should be on the lookout and prevent something like this from happening to them.

Ransomware is considered exceptionally intrusive and dangerous, and some of its variants are capable of encrypting not just files but entire hard drives as well. Restoring information after this is very difficult and could result in severe time and financial losses. Security experts suggest paying extreme attention to companies’ cyber safety, as it will help to avoid all that and will also stop cybercriminals from enriching themselves at someone else’s expense.

