Lloyd's List is part of Maritime Intelligence

This site is operated by a business or businesses owned by Maritime Insights & Intelligence Limited, registered in England and Wales with company number 13831625 and address c/o Hackwood Secretaries Limited, One Silk Street, London EC2Y 8HQ, United Kingdom. Lloyd’s List Intelligence is a trading name of Maritime Insights & Intelligence Limited. Lloyd’s is the registered trademark of the Society Incorporated by the Lloyd’s Act 1871 by the name of Lloyd’s.

This copy is for your personal, non-commercial use. For high-quality copies or electronic reprints for distribution to colleagues or customers, please call UK support at +44 (0)20 3377 3996 / APAC support at +65 6508 2430

Printed By

UsernamePublicRestriction

CMA CGM confirms ransomware attack

The French carrier was asked by hackers using the Ragnar Locker ransomware to contact them within two days ‘via live chat and pay for the special decryption key’. No ransom price has been named yet

After initially claiming the company’s booking system was disabled by ‘an internal IT infrastructure issue’, CMA CGM has now confirmed it was hit with a ransomware attack. Several of its Chinese offices were affected, but the container line says it has shut down its network to prevent the spread of malware

CMA CGM, the French container line, is working to reverse the impact of a ransomware attack that has shut down many of its online services.

The cyber attack was launched using Ragnar Locker, a data encryption malware that has affected companies elsewhere. It is similar to an incident involving Portuguese energy firm EDP Renewables earlier this year.

In an email sent on Sunday and seen by Lloyd’s List (below), the hacker requested the French carrier to contact it within two days “via live chat and pay for the special decryption key”.

The exact price was not disclosed.

In a customer advisory, CMA CGM said the websites of the company and its two subsidiaries — ANL and CNC — had become unavailable alongside its IT applications “due to an internal IT infrastructure issue”.

Staff in Europe have been told not to use any company IT equipment, according to sources.

CMA CGM initially denied it had been hit by a cyber attack. However, vice-president Joël Gentil has now confirmed a security breach.

“The CMA CGM group, excluding CEVA Logistics, is currently dealing with a cyber attack on peripheral servers,” he said. “Now that we have identified this problem, we have interupted the access to our system to prevent the malware from spreading. Now our information system is resuming.”

He said the container line’s network remained open for bookings.

“We are progressively resuming connectivity so in some instances bookings can be taken online, but where customers cannot get online they can call their local offices. The situation is coming back to normal. It will take a few hours.”

An investigation was now under way into how the systems were infected.

The company said further information would be issued later.

Industry sources said services run by the container line at a number of Chinese offices, including Shanghai, Shenzhen and Guangzhou, had been disrupted.

“It seems the booking system is down,” said one container terminal manager at the port of Shanghai. “Cargo loading could be affected.”

Hong Kong port sources said CMA CGM’s operations both at the container terminal and on its vessels are normal.

CMA CGM has a joint venture with PSA, CMA CGM-PSA Lion Terminal, that operates four mega container berths at Singapore’s Pasir Panjang terminals.

PSA declined to comment on operations at the terminal.

The Ragnar Locker attack would make CMA CGM the fourth major container shipping carrier known to have fallen victim to such a major cyber incident.

In July 2018, Chinese giant Cosco Shipping was hit by a cyber attack that disabled its IT systems in the US.

Maersk Line sustained a severe blow from a ransomware attack in 2017, which cost the Danish carrier up to $300m.

Mediterranean Shipping Co suffered a shutdown from a cyber attack earlier this year.

Related Content

Topics

UsernamePublicRestriction

Register

LL1134044

Ask The Analyst

Please Note: You can also Click below Link for Ask the Analyst
Ask The Analyst

Your question has been successfully sent to the email address below and we will get back as soon as possible. my@email.address.

All fields are required.

Please make sure all fields are completed.

Please make sure you have filled out all fields

Please make sure you have filled out all fields

Please enter a valid e-mail address

Please enter a valid Phone Number

Ask your question to our analysts

Cancel