US shipping giant COSCO reportedly hit by destructive ransomware

• The impacted infrastructure hosts COSCO’s website (cosco-usa.com), phone, email systems, WAN and VPN gateways.
• Employees in other regions have been warned not to open any suspicious emails and conduct a thorough scan of network.

A ransomware attack on one of the world’s largest shipping giant, COSCO, has reportedly disrupted some of the company’s systems in the United States. The incident took place on July 24.

The Chinese-owned shipping and logistics company has described the incident as a ‘network breakdown’. However, according to internal emails, the incident is being referred to as a ransomware infection.

COSCO maintains its silence

"Due to local network breakdown within our America regions, local email and network telephone cannot work properly at the moment," said the company in a press release.

The firm says it has suspended its network connection with other regions to investigate the matter further.

“So far, all the vessels of our company are operating as normal, and our main business operation systems are performing stably. We are glad to inform you that we have taken effective measures,” COSCO stated. “The business operations in the affected regions are still being carried out, and we are trying best to make a full and quick recovery. We will keep you updated on the latest progress through various channels.”

Ransomware or network breakdown?

While COSCO is yet to officially comment on the alleged ransomware attack, independent security researcher Kevin Beaumont has reported that the impacted infrastructure hosts COSCO’s website (cosco-usa.com), phone and email systems and WAN and VPN gateways.

Meanwhile, as a safety precaution, COSCO has warned employees in other regions not to open suspicious emails, urging its IT staff to perform a proper scanning of internal networks using antivirus software.

Although it is still unknown as to what strain of ransomware was used as part of the attack, the COSCO incident is reportedly much smaller in size and nature in comparison to Maersk’s NotPetya ransomware attack. The Maersk attack resulted in employees having to manually process 80 percent of the work, while systems were being restored. The incident cost Maersk over $300 million.