Networks across North America suffered a “breakdown”, the company says.


A suspected ransomware attack on a Chinese shipping company has brought part of its international operations to a standstill, echoing the horrors of last year’s NotPetya cyber-attack.

Cosco Shipping Holdings – a state-operated firm and part of one of the largest shipping and logistics companies in the world – had its North American operations crippled on Tuesday due to a “network security problem”, with multiple reports attributing the cause to ransomware.

Email and phone systems in the US, Canada, Panama, Argentina, Brazil, Peru, Chile, and Uruguay were cut off, leading Cosco to subsequently shut down connections between the affected operations and all other regions.

“So far, all the vessels of our company are operating as normal, and our main business operation systems are performing stably,” the company said in a statement.

“We are glad to inform you that we have taken effective measures. Except for above regions affected by the network problem, the business operation within all other regions will be recovered very soon.”

Isolating its internal networks, Cosco said it began to carry out technical inspections of all its services. The company confirmed on July 25 that business operations had resumed as normal for all regions except those in North America.

A statement released the next day read: “We have started contingency plans, such as transfer of operations and conducting operation via remote access, to ensure continuous service in the Americas. During the network failure period, there could be delays in service response in the Americas, and we are expecting your kind understanding.”

The company also said on Facebook that it “expected all network applications will be gradually back to normal soon”, and its response to customers on social media was notably prompt.

Cosco’s proactive handling of the situation is perhaps reflective of the June 2017 cyber-attack on its business associate Maersk – an incident that cost the Danish shipping conglomerate an estimated $300 million after the NotPetya ransomware caused widespread disruption on critical infrastructure globally.

Antivirus vendor EST estimated that the ransomware had infected 80% of Eastern Europe, but had also spread to affect businesses in Europe, Australia, and North America.

Cosco, who appeared not affected, said: “According to related reports, Maersk has confirmed its IT systems across multiple sites and select business units had fallen down due to the cyber-attack on 27 June 2017.

“As Cosco Shipping Lines and Maersk have some business cooperation in some regions, we are now investigating and assessing the possible impacts and will make our efforts to minimize the impacts on our customers.”

The company added: “Meanwhile, Cosco Shipping Lines has already checked the operating system, and updated the patch and the virus database.”

But despite the damages caused by NotPetya, cyber-attacks have continued to disrupt the shipping industry, as per recent data breaches suffered by UK shipbroker Clarksons and an Australian division of Maersk, respectively.

And as the industry continues to ramp up its cyber defenses, tools that can track vulnerable ships have surfaced that companies hope could protect against the next NotPetya.

Cosco has yet to confirm that this week’s “network breakdown” was the result of ransomware, but according to Bleeping Computer, the company has reminded its staff not to open suspicious emails.

The Daily Swig has reached out to Cosco for comment.