Ransomware attack disrupted some systems of the shipping giant COSCO in the US
28.7.18 securityaffairs Ransomware
The Chinese shipping giant COSCO was reportedly hit by a ransomware-based attack that occurred in its American region.
According to COSCO, a “local network breakdown” disrupted some systems in the United States.
Media confirmed the incident was the result of a ransomware attack and quoted a company spokesman as the source.
“The China Ocean Shipping Co. Terminal at the Port of Long Beach was hit by a cyberattack on Tuesday, July 24.” states local media.
“A spokesman for the Shanghai-based company, which acknowledged the ransomware attack Tuesday, said that the company’s operations outside the United States were not affected.”
The shipping company quickly isolated the systems to avoid propagation to other regions and started an internal investigation. The firm confirmed that the incident did not affect operations of the fleet.
“Due to local network breakdown within our America regions, local email and network telephone cannot work properly at the moment. For safety precautions, we have shut down the connections with other regions for further investigations.” reads the security advisory published by COSCO.
“So far, all vessels of our company are operating normally, and our main business operation systems are stable. We are glad to inform you that we have taken effective measures and aside from the Americas region, the business operation within all other regions will be recovered very soon. The business operations in the Americas are still being carried out, and we are trying our best to make a full and quick recovery,”
The Journal of Commerce, citing COSCO Vice President Howard Finkel, reported that communications between the carrier’s U.S. operations and its customers have been slowed due to the cyber attack. Digital communications were disrupted, and communication was being carried out via telephone.
JOC.com
@JOC_Updates
Cosco responds to cyber attack on US operations #maritime #containers http://bit.ly/2uMjJJS
10:52 PM - Jul 24, 18
Port of Long Beach spokesman Lee Peterson confirmed the attack and added that it is monitoring the situation.
According to the popular security expert Kevin Beaumont, the ransomware has infected a portion of the infrastructure that hosts the company website (cosco-usa.com), phone and email systems, and WAN and VPN gateways.
Catalin Cimpanu
@campuscodi
· 26 Jul
Replying to @GossiTheDog
Their global website is still working fine. Only their US site is down from what it appears. http://lines.coscoshipping.com/home/News/detail/15325081261286611042/50000000000000231?id=50000000000000231 …
Kevin Beaumont
@GossiTheDog
Yes, it is only Cosco Americas Inc (CAI) impacted. Anything on this network: https://ipinfo.io/AS32604 - includes their website http://www.cosco-usa.com , their phone system, WAN and VPN gateways, email etc.
12:54 AM - Jul 26, 18
Kevin Beaumont
@GossiTheDog
· 26 Jul
Replying to @GossiTheDog
If anybody from Cosco is reading I help with anything like this free of charge for the insight gained, send me an email if you want.
Kevin Beaumont
@GossiTheDog
Cosco have put out a statement confirming the issue. I understand they’re now on their 4th day of downtime for CAI (Cosco Americas Inc) business unit. https://www.itwire.com/security/83772-cosco-s-us-arm-hit-by-windows-ransomware.html …
9:26 AM - Jul 26, 18
Cosco's US arm hit by Windows ransomware
The North American arm of Chinese shipping conglomerate Cosco has been hit by Windows ransomware, affecting communications at its US locations.
itwire.com
At the time of writing the affected U.S. systems still appear to be offline.
The good news is that the attack doesn’t appear to be as severe as the NotPetya attack that hit shipping giant Maersk in August 2017.
According to its second-quarter earnings report, the company was expecting losses between $200 million and $300 million due to “significant business interruption” because it was forced to temporarily halt critical systems infected with the ransomware.
Møller-Maersk chair Jim Hagemann Snabe during a speech at the World Economic Forum explained that the attack forced the IT staff to reinstall “4,000 new servers, 45,000 new PCs, and 2,500 applications,” practically “a complete infrastructure.”