Lloyd's List is part of Maritime Intelligence

This site is operated by a business or businesses owned by Maritime Insights & Intelligence Limited, registered in England and Wales with company number 13831625 and address c/o Hackwood Secretaries Limited, One Silk Street, London EC2Y 8HQ, United Kingdom. Lloyd’s List Intelligence is a trading name of Maritime Insights & Intelligence Limited. Lloyd’s is the registered trademark of the Society Incorporated by the Lloyd’s Act 1871 by the name of Lloyd’s.

This copy is for your personal, non-commercial use. For high-quality copies or electronic reprints for distribution to colleagues or customers, please call UK support at +44 (0)20 3377 3996 / APAC support at +65 6508 2430

Printed By


From the News Desk: Shipping struggles to repel hackers

Demands for ransomware payments have increased and compliance may risk violating Ofac regulations

Shipping companies and organisations have received a sharp wake-up call as to the threat of cyber attacks, with several affected in the past few weeks alone. In response, the US Department of the Treasury’s Office of Foreign Assets Control has issued advisories highlighting the increased sanctions risks associated with ransomware payments

ONE of the outcomes of the Covid-19 pandemic on working practices globally has been the increasing reliance on digital systems in order to do business. But what this has exposed is a vulnerability to attacks by cyber criminals using sophisticated ransomware to blackmail businesses by stealing their access to their own data.

At the beginning of last week, the world’s fourth-biggest container company, CMA CGM, was the victim of a cyber attack by hackers using Ragnar Locker ransomware. Despite initial denials that the incident had taken place, the company later confirmed that it had taken its network offline to prevent the malware spreading further.

The lack of information from CMA CGM following the incident led to complaints from customers speaking to Lloyd’s List that they had to revert to manual processes for bookings and were concerned that existing bookings were not being loaded and shipped.

Systems were gradually being brought back online throughout the week, but the company warned that it suspected the theft of data from its systems had taken place.

The incident with CMA CGM is not a new threat to the shipping industry and follows other high-profile attacks on Mediterranean Shipping Co over the Easter weekend earlier this year, Cosco Shipping in mid-2018 and Danish carrier Maersk the year before.

What appears to have changed now is the targeted nature and frequency of the ransomware attacks, as well as emboldened groups using increasingly advanced malware.

Just three days after the attack on CMA CGM, the International Maritime Organization, which itself has been urging companies to act on cyber risks ahead of new legislation coming into force at the start of next year, was similarly hit by hackers, making its website and internal intranet services unavailable.

This was not the first time the UN agency had been attacked, but it is the most serious and access to systems and communications are still only gradually restored.

It also emerged in the past few days that Danish logistics company Blue Water Shipping was targeted last month, ahead of the CMA CGM and IMO attacks, but fortunately they, together with external security specialists, were able to repel several attempts to penetrate their systems.

Shipping has undoubtedly been slow to heed the warnings of cyber crime but it desperately now needs to speed up progress or potentially face crippling financial losses as well as the trust of customers.

Insurers and lawyers told Lloyd’s List last week that shipowners need to be aware that such crimes will not normally be covered by hull and machinery policies, most of which include an explicit exclusion clause, with insurers simply needing to show that system vulnerability was exploited with malicious intent.

However, perhaps the starkest warning and call to act was delivered in two advisories by the US Treasury Department’s Office of Foreign Assets Control (Ofac) and Financial Crimes Enforcement Network (FinCEN) late last week.

The documents highlighted the dangers of vulnerable systems and the potential for shipping companies, and others, to fall foul of US sanctions rules.

They explicitly explained that companies must make every effort to detect and report ransomware attackers, as well as assist in holding them accountable for their crimes. If they comply with demands, they may also find themselves in trouble.

“Companies that facilitate ransomware payments to cyber actors on behalf of victims, including financial institutions, cyber insurance firms, and companies involved in digital forensics and incident response, not only encourage future ransomware payment demands but also may risk violating Ofac regulations,” the Treasury said.

The US government agency has already showed it is not afraid to flex its muscles to counter sanctions violations on the transport of energy products from Iran and Venezuela, and this may also turn out to be the first shot across the bow on cyber crime violations as well.

Read more about shipping's path to digitalisation in our special hot topic section.

Related Content





Ask The Analyst

Please Note: You can also Click below Link for Ask the Analyst
Ask The Analyst

Your question has been successfully sent to the email address below and we will get back as soon as possible. my@email.address.

All fields are required.

Please make sure all fields are completed.

Please make sure you have filled out all fields

Please make sure you have filled out all fields

Please enter a valid e-mail address

Please enter a valid Phone Number

Ask your question to our analysts