Shipping giant COSCO suffered ransomware attack on its US network

COSCO's phone lines and local emails are down within US regions

Although there is still no confirmation from COSCO, several news outlets reported that disruptions caused are due to the ransomware infection

Fourth largest shipping company in the world China Ocean Shipping Company (COSCO) shut down its communication means, including local email, VPN and WAN gateways and network phone due to what is claimed to be a “network breakdown.” Nevertheless, several news outlets were informed by the company that the cause of disruption is a ransomware attack.

COSCO addressed their customers in the Facebook post^[1] on 25th of July:

Due to the local network breakdown within our Americas region, local email and network telephone is not working properly at the moment. For safety precautions, we have shut down connections with other regions for further investigations.

It is not uncommon for companies to not fully disclose the situation^[2] while the investigation is still ongoing. Therefore, researchers can only speculate about what type of ransomware has hit COSCO.

The shipping giant urged its employees to take cybersecurity measures

While the initial incident occurred on 24th of July, all communication networks in the US (excluding Long Beach terminal) are still off. At the time of the writing, the official US COSCO website is down as well. Nevertheless, the firm still keeps all the shipping operations going without any disruptions:

So far, all the vessels of our company are operating as normal, and our main business operation systems are performing stably. We are glad to inform you that we have taken effective measures and aside from the Americas region, the business operation within all other regions will be recovered very soon. Except for above regions affected by the network problem, the business operation within all other regions will be recovered very soon.

Because of most communication networks being down, COSCO employees resorted to Yahoo email service as well as social media platforms like Twitter to communicate with their customers. Although the shipping company promised to fix the situation as soon as possible, networks are still off two days later.

COSCO also undertook certain security measures, as it asked its employees not to open suspicious emails. Additionally, the firm also prompted IT specialists to scan internal networks with anti-malware software thoroughly.

Not the first time a shipping company is targeted by a ransomware attack

According to the FBI, the number of ransomware infections dropped^[3] in the last couple of years. Although security experts can count it as a little victory against cybercrime, the focus on these malicious programs should not be shifted. The number of ransomware attacks does not equal to its devastation caused, as 2017 proved to be catastrophic for several high-profile organizations and governmental institutions, like NHS, TNT,^[4] WPP, Maersk, etc.

The latter is the largest shipping company in the world, and NotPetya cost the company dearly.^[5] Maersk had to spend $250-$300 million to repair broken systems – establish 4,000 new servers, buy 45,000 new PCs and reinstall 2,500 applications on machines.

It is yet unknown the extent of damage could be caused to COSCO by the cyber attack. Nevertheless, it proves once again how vital it is to pay close attention to cybersecurity measures and training.