COSCO’s American Operations Hit With Crippling Ransomware Attack

Shipping giant China Ocean Shipping Company (COSCO) has been hit with a ransomware attack that has crippled its U.S. operations.

“Due to local network breakdown within our America regions, local email and network telephone cannot work properly at the moment. For safety precautions, we have shut down the connections with other regions for further investigations,” the Shanghai-based behemoth said in a brief notice on its international website.

The cyberattackers took aim at the company’s Stateside headquarters at the Port of Long Beach on Tuesday. As of the time of writing, the U.S. website and phone lines remained down.

The company also said that all other global operating areas were functioning, and that its maritime enterprises remained afloat, so to speak.

“So far, all the vessels of our company are operating as normal, and our main business operation systems are performing stably,” it said.

Port of Long Beach spokesperson Lee Peterson told the Long Beach Press-Telegram that operations staff at COSCO’s Pier J terminal confirmed that the company’s fleet and logistics operations are unaffected. However, few details have been given as to the extent of the infection or its aftermath.

COSCO is only the latest shipper to become embroiled in ransomware: The world’s largest container ship and supply vessel company, AP-Møller-Maersk, was hit in the NotPetya attacks last June, which cost it close to $300 million in damages.

Speaking on a panel at the World Economic Forum in January, the Danish giant’s chair, Jim Hagemann Snabe, said that the company had to reinstall “4,000 new servers, 45,000 new PCs, and 2,500 applications” to recover. As Snabe described it: “a complete infrastructure.”

COSCO said in its advisory that “we are glad to inform you that we have taken effective measures” to address the attack, although it’s unclear what those measures are.

The company did not respond to a request for comment.

“Organizations rely on their computers and network to operate,” said Ben Herzberg, director of threat research at Imperva, via email. “From internal and external communication, to accessing the data which fuels the business. This makes companies today work that much faster than decades ago, but it also means that disruptions to the company’s computers and networks can mean that they cease to operate (efficiently, or at all).”

He added, “In this case it’s ransomware, in other cases it may be a denial-of-service or other attack. Organizations must model the threats in their world and act accordingly. For example, what would happen if their network was attacked by certain types of attacks, how can they lower their risks, and what should they do once these attacks actually go through.”