A shipping company suffered a ransomware attack that affected certain network systems in one of its regions of operation.
On 25 July, COSCO Shipping Lines disclosed on Facebook
that it had suffered a "local network breakdown" in the Americas. The company, which is owned and operated by the Chinese government, said that the incident degraded local email and network telephone services but not its main business operations, including the functionality of all its vessels. COSCO decided to suspend certain connections with other regions out of an abundance of caution.
The shipping giant had not directly revealed the source of the event at the time of publication. But it did retweet a tweet from The Modern Times of LB (Long Beach) attributing the network issues to a ransomware attack.
Long Beach Press-Telegram
confirmed that COSCO had suffered a ransomware infection on 24 July and that a spokesperson for the company had acknowledged the attack as such. Similar to the company's initial message, the article stated how the attack had not affected logistics at the shipper's Pier J terminal in Long Beach but that it had hit certain communication systems.
In so doing, the attack was unlike the NotPetya ransomware infection that struck A.P. Moller-Maersk
, a 2017 attack which disrupted operations at the container shipping company to the tune of $300 million.
On 26 July, COSCO published an update on Facebook
revealing that it had taken measures to isolate its networks in other regions after learning of the network issues. It also said it was busy working to resolve the issues affecting its communication systems in the Americas region. In the meantime, it asked customers to be patient with any delays in service responses that could arise:
It is our core value to protect customers' interests and guarantee network security. Therefore, all service and communication channels we are now providing are safe and secure. Please be assured that it is safe to keep contact with us via our website, emails, EDI, or CargoSmart.
More information about the incident can be found in a FAQs sheet published by the company