The China Ocean Shipping Group Company, popularly known as COSCO, has fallen victim to a ransomware attack connected to its operations in the Americas. The attack has resulted in the company being completely disconnected from the Internet, severing communications between COSCO, its vendors, and its clients.
According to reports, the ransomware attack against COSCO has impacted its networks in the United States, Canada, Argentina, Uruguay, Brazil, Chile, Peru, and Panama, though its internal business operations networks appear to be unaffected and its ports in California and the United Kingdom are operating as normal. For external communications, however, COSCO has had to issue special web-based email addresses hosted by Yahoo and Gmail to vendors and clients who are attempting to contact COSCO employees.
The Press-Telegram newspaper of Long Beach, California, reported last week that COSCO had become the victim of a ransomware attack by an as yet unidentified perpetrator. Ransomware forcefully encrypts the computer hard drives of victims, rendering them inaccessible to legitimate users, and the perpetrator then demands that a ransom be paid – usually in a cryptocurrency such as Bitcoin – in return for decrypting the hard drives. Meanwhile, as of the writing of this report, COSCO has not confirmed that it is the victim of a ransomware attack and has not provided any official public explanation as to why its public-facing networks and websites in the Americas are experiencing an extended outage.
In a Tweet, however, COSCO did say that it had experienced a network anomaly that forced it to temporarily shut down its global networks until it could verify that it was safe to reboot them. This seems to have been completed with the exception of its networks in the Americas.
This unconfirmed ransomware attack against COSCO, if true, would be the latest attack against a major shipping line over the past year. In June 2017 the NotPetya ransomware attack particularly harmed the operations of the A.P. Moller-Maersk shipping line, resulting in an estimated U.S.$300 million revenue loss for the company.
While this is a serious development for COSCO, the company seems to have been able to isolate the effects of this ransomware attack to its operations in North and South America, and its internal business operations networks seem unaffected. The full impact of the attack may not be known for many months. There is a chance that it has been mitigated, but the attack will still likely be costly to the company financially and perhaps even reputationally.