Ransomware attack forces Nagoya Port operations to halt for over two days

Ransomware attack at Nagoya Port

In a severe disruption to Japan's trade and commerce sectors, the Port of Nagoya, Japan's largest and busiest port, was targeted in a ransomware attack, halting its operations for over two days. This incident caused a significant stir within the global maritime industry, highlighting the escalating cybersecurity threats that modern ports face.

Operating 21 piers and 290 berths, the port is a significant hub, handling more than two million containers and a cargo tonnage of 165 million every year, and accounts for about 10% of Japan's total trade volume. It also plays a crucial role in the operations of the Toyota Motor Corporation, a global automotive giant, which uses the port to export a large portion of its vehicles.

Cyberattack brings operations to a halt

Early on July 4, 2023, the administrative authority of the Port of Nagoya issued a notice about a malfunction in the central system controlling all container terminals – the Nagoya Port Unified Terminal System (NUTS). The ransomware attack that took place around 06:30 AM local time was identified as the root cause of the problem.

An emergency meeting involving the Nagoya Port Authority, the Nagoya Port Operation Association Terminal Committee, and the Aichi Prefectural Police Headquarters was convened to investigate and respond to the situation.

The aftermath of the attack was severe. All container loading and unloading operations at the terminals using trailers were abruptly halted. The cessation of operations led to significant financial losses for the port and severely disrupted the circulation of goods to and from Japan.

Despite having dealt with cyberattacks before, including a Distributed Denial-of-Service (DDoS) attack in September 2022,^[1] this ransomware attack was deemed the most impactful by the Nagoya Port Authority.

The identity of the threat actor and the response

Initially, the threat actor behind the ransomware attack on the Port of Nagoya remained unknown, as no group publicly claimed the intrusion. However, as the investigation progressed, the pro-Russian ransomware group LockBit 3.0^[2] took responsibility for the attack, demanding a ransom for the system's recovery.^[3]

Despite the chaos caused by the attack, the port authority and relevant agencies made swift efforts to restore the NUTS system. They worked tirelessly to ensure that operations could resume at the earliest.

Recovery and resumption of operations

Although the systems at Japan’s most significant maritime port were restored fairly quickly, the recovery of large volumes of deleted data delayed the full resumption of operations. The Nagoya Harbor Transportation Association announced that operations at one terminal resumed on Thursday afternoon,^[4] and they aimed to restart other terminals later in the evening.

Despite the significant disruption, Toyota Motor Corp assured that the attack had not affected the shipment of new cars yet. The company confirmed that the production of vehicles continued without impact.

This incident has emphasized the critical nature of cybersecurity in modern port and transportation operations. As attacks like these become more frequent, strengthening the cybersecurity infrastructure to fend off such threats becomes increasingly essential.

The Nagoya Port incident is just one in a series of similar attacks targeting ports globally. In 2021, the ports of Lisbon in Portugal and the Jawaharlal Nehru Port Trust in India,^[5] as well as South Africa's port and rail company, also suffered ransomware attacks. These incidents underline the growing threat that cyberattacks pose to critical infrastructure worldwide.