A ransomware attack disrupted cargo operations at the largest Japanese port, the Nagoya Port Authority has disclosed.
The July 4, 2023 attack impacted the central computer system, the Nagoya Port Unified Terminal System (NUTS), that operates the port’s five cargo terminals, causing widespread disruptions.
With 21 piers and 290 berths, the Port of Nagoya, Japan, handles an average of 165 million tons of cargo annually, representing about 10% of the country’s total trade volume.
LockBit 3.0 claims responsibility for the Japanese port ransomware attack
The pro-Russian cyber gang LockBit 3.0 has claimed responsibility for the Port of Nagoya ransomware attack.
The Nagoya Harbor Transportation Authority disclosed that the cyber gang had made a ransom demand to restore the impacted systems. Sources familiar with the matter said a ransom note was sent to a printer when an employee attempted to start a computer.
“Industry experts and government agencies advise organizations not to pay out in a ransomware attack,” noted Keeper Security CEO and Co-Founder, Darren Guccione. “However, it’s a difficult decision because the organization risks losing sensitive information, access to critical files, and the entire network infrastructure they need to operate their business.”
The Japanese port suspended loading and unloading operations for two days while working to restore the impacted systems by 6 pm on Wednesday, July 5, and resume operations by Thursday morning.
Meanwhile, Aichi Prefectural Police Headquarters has launched an investigation into the incident.
“LockBit 3.0, also known as LockBit Black, represents a new era of ransomware sophistication,” said Itay Glick, VP of Products at OPSWAT. “The Cybersecurity and Infrastructure Security Agency (CISA) had previously warned about its modular and evasive nature, drawing similarities with other notorious ransomware variants such as BlackMatter and BlackCat. This evolving threat gains initial access to victim networks through various means, including remote desktop protocol (RDP) exploitation, phishing campaigns, abuse of valid accounts, and exploitation of public-facing applications.”
The Port of Nagoya ransomware attack impacted Toyota
The Japanese port ransomware incident impacted the country’s leading manufacturers like Toyota Motor Corporation, which largely depends on the facility for its export and import operations.
Local media reported that Toyota was unable to load or offload auto parts due to the Nagoya United Terminal System glitch. Reuters reported that the automaker planned to suspend operations at an export packaging facility due to the ransomware attack.
However, Toyota’s production systems and delivery of finished vehicles were unaffected, as the company resorted to a different computer system to avoid disruption.
A Toyota spokesperson told local media that its suppliers, such as Denso and Aisin, had secured enough supplies, and the company was closely monitoring the situation.
Nevertheless, the Nagoya ransomware attack caused temporary congestion, with trailers queuing to receive cargo. Some terminals resorted to the manual system to mitigate the impacts of the ransomware attack and ease the congestion.
Shipping industry targeted by cybercriminals
The Japanese port has suffered numerous cyber attacks, but this was the largest so far. In September 2022, the Japanese port suffered a Killnet distributed denial of service attack (DDoS) attack that momentarily disrupted operations for about 40 minutes.
However, the Japanese port is hardly the only shipping facility to suffer a LockBit ransomware attack. In 2022, the Port of Lisbon suffered a LockBit ransomware attack that leaked financial documents and other shipping information.
According to Tom Lysemose Hansen, CTO and co-founder of Promon, the Japanese port ransomware attack highlights one of the most significant threats facing the shipping industry and the global supply chains.
“Ports and shipping companies are increasingly targeted as those responsible know the financial losses incurred by these types of attacks can be astronomical,” Hansen said. “The threat to global trade, supply chains, and the economic stability of nations make these types of attacks particularly lucrative.”
In early 2022, India’s Jawaharlal Nehru Port also suffered a ransomware attack that impacted Jawaharlal Nehru Port Container Terminal (JNPCT).
In July 2021, South Africa’s state-owned port, rail, and pipeline company Transnet also suffered a ransomware attack described by the Institute for Security Studies (ISS) as “unprecedented.”
Other shipping facilities targeted by cyber-attacks include the Port of Barcelona (2018), Port of Vancouver (2018), Port of Marseilles (2020), Shahid Rajaee Port Terminal and Hormuz Port in Iran (2020), Port of Kennewick, Washington (2020), Port of Houston, Texas (2021), and Port of London Authority (2022), among others.
Shipping vessels are also targets of ransomware attacks, with half of all incidents occurring on the dock or terminals, according to a Rightship report.
“Ransomware attacks have a far-reaching effect, particularly when a major part of the global supply chain is targeted,” said Joseph Carson, chief security scientist and Advisory CISO at Delinea.
James McQuiggan, a security awareness advocate at KnowBe4, advised businesses and governments to invest in advanced threat detection technologies, regularly assess vulnerabilities, and foster a solid cybersecurity culture.
“The ever-evolving, persistent threat of ransomware attacks emphasizes the continued need for organizations to implement a proactive and comprehensive approach to cybersecurity,” he said. “As organizations increase the interconnectivity of critical systems and the potential implications of disruptions, it becomes clear that relying solely on reactive measures is no longer sufficient.”