A ransomware infection has crippled the US network of one of the world's largest shipping giants, COSCO (China Ocean Shipping Company).
"Due to local network breakdown within our America regions, local email and network telephone cannot work properly at the moment," said the company in a press release. "For safety precautions, we have shut down the connections with other regions for further investigations."
But while the company described the incident as a "network breakdown," in internal emails seen by several maritime news sites [1, 2] it referred to the incident as a ransomware infection.
COSCO warned employees in other regions not to open "suspicious emails" and urged its IT staff to perform a sweep of internal networks with antivirus software.
The type of ransomware that infected the company's network is still unknown. COSCO did not respond to multiple requests for comment sent by Bleeping Computer.
The incident took place on Tuesday, July 24, but today, the company's American Region IT infrastructure was still down, including email servers and the telephone network, according to a Facebook post. The company's US website was also down, and remained so at the time of this article's publication.
The company's US employees have resorted to using public Yahoo email accounts to answer customer problems reported via social media.
COSCO is the world's fourth-largest maritime shipping company. A.P. Møller-Maersk, the world's largest shipping firm, also suffered a ransomware infection last year when it was one of the NotPetya ransomware outbreak's largest victims.
Speaking at a panel on securing the future of cyberspace at the World Economic Forum held in January in Davos, Switzerland, Maersk's CEO said the company's engineers had to reinstall over 4,000 servers, 45,000 PCs, and 2,500 applications over the course of ten days in late June and early July 2017, following the NotPetya outbreak.
The COSCO incident is much smaller in size and nature compared to Maersk's NotPetya troubles. Some of Maersk's shipments were trapped in some ports because of NotPetya, something that doesn't seem to have happened to COSCO, according to current reports.
If anybody from Cosco is reading I help with anything like this free of charge for the insight gained, send me an email if you want. — Kevin Beaumont (@GossiTheDog) July 25, 2018