With today's news that French shipping giant CMA CGM[1] has been hit by a ransomware attack, all four of the world's biggest maritime shipping companies have now been hit by cyber-attacks in the past four years, since 2017.
Previous incidents included:
- APM-Maersk[2] - taken down for weeks by the NotPetya ransomware/wiper in 2017.
- Mediterranean Shipping Company[3] - hit in April 2020 by an unnamed malware strain that brought down its data center for days.
- COSCO[4] - brought down for weeks by ransomware in July 2018.
On top of these, we also have CMA CGM, which today took down its worldwide shipping container booking system after its Chinese branches in Shanghai, Shenzhen, and Guangzhou were hit by the Ragnar Locker ransomware[5].
This makes for a unique case study, as there is no other industry sector where the Big Four[6] have suffered major cyber-attacks one after the other like this.
But while all these incidents are different, they show a preferential targeting of the maritime shipping industry.
"I'm not so sure it's that they're any more or less vulnerable than other industries," said Ken Munro[7], a security researcher at Pen Test Partners[8], a UK cyber-security company that conducts penetration testing for the maritime sector.
"It's that they are brutally exposed to the impact of ransomware.
"After Maersk was hit by the NotPetya crypter, I believe criminals realized the opportunity to bring a critical industry down, so payment of a ransom was perhaps more likely than other industries," Munro said.
It's not the ships! It's the shore-based networks
Over the past year, incidents where malware landed on ships have intensified. This included sightings of ransomware, USB malware, and worms[9];