A ransomware infection has crippled the US network of one of the world’s largest shipping giants —COSCO (China Ocean Shipping Company). IT security experts commented below.
Javvad Malik, Security Advocate at AlienVault:
“Ransomware continues to wreak havoc within companies. It’s unclear whether this was a targeted or casual attack, but employees should be trained to be able to recognise suspicious emails and not click on links; or have an easy-to-escalate route where they are unsure as to whether an email is malicious or not.
Similarly, it’s important to have good threat detection and response controls in place so that any attack can be dealt with swiftly.COSCO was wise to segregate the infected network from the rest of the networks in order to prevent further spread.
It’s important for companies to have a recovery and response plan prepared in advance so that business functions can be resumed quickly.”
Andy Norton, Director of Threat Intelligence at Lastline:
“The costs from a loss of operational capability to Maritime organisations has been shown to run into the hundreds of millions of dollars in a matter of days. Ransomware with worm like features have demonstrated a vulnerability in many sectors of business. Perhaps it is a business necessity that shipping organisations have a relatively open network, that would allow the fast propagation of a worm. If this is the case the dynamic analysis of objects entering the environment would highlight the malicious propagation behaviours and offer risk mitigation against this type of attack.”