A ransomware attack has hit the servers of French container shipping giant CMA CGM, leading to the temporary closure of the company’s shipping website and applications.
A statement released by the company yesterday morning read: “The CMA CGM Group (excluding CEVA Logistics) is currently dealing with a cyber-attack impacting peripheral servers.”
After a security breach affecting several of the group’s Chinese offices was detected over the weekend, CMA CGM weighed anchor on its entire network in order to prevent the malware from spreading.
At time of publication, the company’s shipping website (https://www.cma-cgm.com) remains inaccessible, returning the error “504-Gateway Timeout.” The sites of two of the company’s subsidiaries—ANL and CNC—along with the company’s IT application are also unavailable “due to an internal IT infrastructure issue.”
CMA CGM took to Twitter yesterday to inform customers that “external access to CMA CGM IT applications are currently unavailable.”
The group assured its clients with the message that “IT teams are working on resolving the incident to ensure business continuity.”
CMA CGM confirmed to shipping media group Lloyd’s List that the Ragnar Locker ransomware gang was behind the cyber-attack.
The gang contacted the French carrier via email on Sunday with instructions to make contact within two days “via live chat and pay for the special decryption key.” How much money the gang are demanding in exchange for the key is not yet clear.
CMA CGM is the fourth major container shipping carrier to be attacked by cyber-criminals since 2017. Previous hits were made on Cosco Shipping, Mediterranean Shipping Co, and Maersk Line.
Andrea Carcano, co-founder of Nozomi Networks, described the level of system visibility and cybersecurity maturity in the shipping sector as “relatively low.”
“The maritime industry in particular transports 90% of the world’s trade, and like other industries, is becoming increasingly connected, automated and remotely monitored,” said Carcano.
“Many ships contain devices and systems that their operators aren’t even aware of. The people using the system are oftentimes the weakest element, opting to click a link in an email that says ‘URGENT’ or voluntarily giving up their credentials when somebody named ‘IT Support’ asks nicely.”