Published in News

CMA CGM confirms ransomware attack

by on29 September 2020


French shipping giant surrenders to malware

CMA CGM has now confirmed it was hit with a ransomware attack. Several of its Chinese offices were affected, but the container line says it has shut down its network to prevent the spread of malware.

The cyber attack was launched using Ragnar Locker, a data encryption malware that has affected companies elsewhere. It is similar to an incident involving Portuguese energy firm EDP Renewables earlier this year.

In an email sent on Sunday and seen by Lloyd’s List (below), the hacker requested the French carrier to contact it within two days “via live chat and pay for the special decryption key”.

The exact price was not disclosed.

In a customer notice, CMA CGM said the websites of the company and its two subsidiaries — ANL and CNC — had become unavailable alongside its IT applications “due to an internal IT infrastructure issue”.

Staff in Europe have been told not to use any company IT equipment, according to sources.

Sophos Principal Research Scientist Chester Wisniewski said the situation painted a picture of those who are most vulnerable.

“Hospitals, schools and municipal governments may dominate the headlines, but international manufacturers and service companies seem to be victims more often than industries with traditional strong IT security functions like finance, defence, and technology firms.”

He said that CMA CGM is the fourth major shipping firm to be hit with ransomware after Maersk, Cosco and Mediterranean Shipping. Having far flung operations around the world makes securing these types of firms extremely difficult, yet no less important than other industries.

“ T security needs to be at the forefront for all industries, not just those who are of national security concern”, he said.

Last modified on 29 September 2020
Rate this item
(0 votes)

Read more about: