Latest Ransomware Attack Hits Shipping Industry

In May, the WannaCry global ransomware attack targeted computers worldwide running Microsoft’s Window operating system by encrypting data and demanding ransom payments. WannaCry brought computer systems from Russia to China to the U.K. and the U.S. to their knees, locking people out of their data and demanding they pay a ransom or lose everything. More than 200,000 computers in 150 countries were affected. Now ransomware virus Petya has hit companies worldwide, including shipping giant A.P. Moller-Maersk, which handles one out of seven containers shipped globally.

The Petya cyber attack caused outages at Maersk’s computer systems across the world, including at its APM Terminals, preventing new bookings from taking place or providing quotes at affected terminals. Within hours, Maersk, however, was able to accept cargo bookings through its third-party platform, INNTRA, for existing accounts, though booking confirmations are taking longer than usual. “We are still working on resuming normal operation,” the company announced via Twitter.

The cyber-attack shut down a number of Maersk’s IT systems including those it uses to communicate with its customers and business partners. According to Seatrade Maritime News, reports from New Zealand indicated the line was using handwritten communication with ports as well as G-mail accounts with customers.

In the United States, the supply chain fallout from the Petya attack has been significant. APM Terminals’ operations in Mobile, Alabama, according to Splash24/7, for example, have been loading and unloading containers in manual mode without the use of a computerized system. In New Jersey, APM Terminals’ gate operations in Port Elizabeth were shuttered.

The full scale of the Petya cyber attack on Maersk globally remains unclear. “We continue to assess the situation. Until this analysis is complete, we cannot be specific about how many sites and locations are affected or when normal business operations are restored. The aggregate impact on our business is being assessed,” Maersk said.

In addition, the Petya cyber attack, according to Seatrade Maritime News, also affected Maersk’s logistics arm Damco. “Damco has limited access to certain systems. A business continuity plan has been deployed with a key focus on protecting customers’ cargo flows,” the company said.

This type of attack quite evidently has a domino effect on the entire supply chain. Just one weak link opens up everyone to potential attacks and subsequent delays. Coordinating ship arrivals, unloading containers and then scheduling storage and trucks to move products out of ports requires a high degree of coordination and efficiency. A big bottleneck in a single port can reverberate widely and quickly.

What is ransomware?

Ransomware is a type of malware that essentially takes over a computer and prevents users from accessing data on it until a ransom is paid. The average ransom amount is $300 to $500 per computer, and the favored payment is bitcoin. In most cases, the software infects computers through links or attachments in malicious messages known as phishing emails. The software usually is hidden within links or attachments in emails. Once the user clicks on the link or opens the document, the computer is infected and the software takes over.

Although ransomware has been around for years, these latest global attacks are much more insidious. Both WannaCry and Petya borrowed leaked National Security Agency code that permits software to spread quickly within an organization’s network.

To minimize the potential of a ransomware attack, there are several cyber security steps you can take including:

• Look for malicious email messages that often masquerade as emails from companies or people you regularly interact with online. Avoid clicking on links or opening attachments in those messages, since they could unleash malware.
• Regularly back up data. There are a ton of options here, from backing up to cloud providers to local storage devices or even network attached drives, but each comes with a certain level of risk. It’s imperative to remove the external storage device once a backup has been taken so that if ransomware does infect the computer, it won’t be able to touch the backup.
• Ensure that security updates are installed on your computers as soon as they are released. Up-to-date backups make it possible to restore files without paying a ransom. WannaCry and Petya attack exploited vulnerabilities in some versions of Microsoft Windows. Microsoft has released software patches for the security holes, but not everyone has installed those updates. The new malware, however, appears to have a back-up spreading mechanism, so that even if some computers were patched, they can still be hit if one or more machines in a particularly network wasn’t patched.
• Download protection programs that not only fight attacks, but also notify you when there is a threat to your computer. These programs include firewalls, anti-virus programs and other protective software. They can alert you if a malware is trying to encrypt your files and what they are doing to stop it.

Be sure to have a business continuity plan in place so that you can get your operations running as smoothly as possible as quickly as possible. In addition, be sure to carry Cyber Liability insurance, which can be designed to include cyber extortion coverage in the event of a ransomware attack. Roanoke Trade, which specializes in serving the insurance needs of transportation and logistics providers, is available to discuss how Cyber insurance works and the various coverages available in the policy. Please contact one of our Roanoke Trade professionals at 1-800-ROANOKE (800-762-6653) for more information.