Ransomware attack knocks down shipping titan COSCO’s U.S. network

July 28, 2018

 

A ransomware attack has taken down the U.S. network of COSCO (China Ocean Shipping Company), one of the world’s biggest shipping firms.

The company attributed the consequences of the attack to a “local system failure” in its press release. However, internal emails read by maritime news outlets Lloyd’s List and Joc.com show that the firm referred to the occurrence as a ransomware infection and advised workers in other regions not to open suspicious emails.

It is unclear what sort of ransomware was used in the attack, although industry officials say the attack was most probably caused by SamSam. The incident happened on July 24, and the firm’s American IT infrastructure, including the telephone network, email servers, and company website, were all affected, according to Bleeping Computer.

COSCO’s U.S. workers resorted to using public Yahoo email accounts to answer client problems reported through social media while the firm’s IT staff performed a sweep of internal networks with antivirus software.

Javvad Malik, security advocate at AlienVault, said COSCO was smart to isolate the infected system from the rest of the systems in order to prevent further spread of the malware.

“Ransomware continues to cause mayhem within firms,” Malik said. “It’s unclear whether this was a directed or unplanned attack; however, workers must be skilled to be able to identify doubtful electronic mails and not click on links, or have an easy-to-escalate path where they are uncertain as to whether an electronic mail is malevolent or not.”

Malik added that it is also important to have good threat detection and response controls in place so that any attack can be handled quickly, and said firms must have a recovery and response plan prepared in advance so that business operations can be resumed swiftly.

Bob Noel, Director of Marketing and Strategic Partnerships for Plixer, noted that phishing attacks are a common mechanism used to spread ransomware.

“All it takes is for a single worker running an unpatched machine to be duped into opening a malevolent electronic mail, clicking on the incorrect link, and the malware is off to the races,” Noel said. “There are numerous important measures that companies must be taking to decrease their risk.”

Noel went on to say that frequent vulnerability assessments and the related patching are important; however, the frequency with which new patches and updates are released can be overwhelming. To help fight this problem, companies must leverage a network traffic analysis platform to monitor all network traffic, watching for known protocol misuse and C2 server traffic linked with ransomware attacks, and have a pre-planned response specific to ransomware attacks.