Royal Dirkzwager Attacked By Play Ransomware Group

By   Adeola Adegunwa
Writer , Informationsecuritybuzz | Mar 20, 2023 06:44 am PST

The Play ransomware group’s campaign, the most recent in a succession of strikes on the shipping sector, was proven to have affected the Dutch marine transport company Royal Dirkzwager. The company’s CEO, Joan Blaas, who acquired it in October after it declared bankruptcy the previous month, told The Record that the ransomware attack did not affect business operations. But it resulted in data theft from servers that housed various contracts and individual data.

The effect on our personnel has been significant. Due to the company’s insolvency over the past year, we were forced to let go of certain employees; nonetheless, only some were able to stay. First this, then we had to shift offices. A really terrible time has been experienced, he remarked.

Having been established in 1872, Royal Dirkzwager supplies data to more than 800 nautical organizations and logs more than 200,000 ship movements annually. Via its technologies, ports are able to anticipate what nautical services will be available when ships arrive and when they do. While claiming to be in talks with the cyberterrorists, Blaas also announced that the Dutch Data Protection Authority had been informed of the attack.

Cybersecurity expert Dominic Alvieri claims that the Play ransomware organization added the business to its list of victims on Monday. The gang initially appeared in July 2022 and began attacking South American governments. Most recently, the group made news for a damaging attack on the City of Oakland, which has been recuperating from the incident for weeks.

Continuous Hack On Shipping Industries Like Royal Dirkzwager

In recent years, ransomware hackers have frequently targeted the shipping industry. A ransomware assault against DNV in Oslo hit around 1,000 vessels in January.

The body that oversees the technical certifications for the building and use of ships and offshore buildings is called the “classification society,” and it is called DNV. DNV, which had more than $2 billion in revenue in 2021, presently provides service to more than 13,175 boats and mobile offshore units.

The business had to shut down the IT servers linked to its ShipManager system as a result of the ransomware attack on January 7. DNV stated in a Wednesday update that while users are back online, work is still being done to reestablish the full scope of service. The company had to rebuild the ShipManager server infrastructure, it added.

“Global IT security partners’ forensic examinations proved that the hack impacted no other components of the DNV IT system. A representative for DNV indicated that the issue had no impact on user accounts, emails, or any other services.

Also, the Norwegian National Security Authority, Data Protection Authority, and the German Cyber Security Authority were informed of the issue, they said, and are all conducting their own investigations.

The LockBit ransomware organization hit the Port of Lisbon in January, and Europe has experienced a spate of ransomware attacks on ports in recent years. Ports in Belgium and the Netherlands experienced problems as a result of a cyberattack; terminals run by SEA-Tank, Oiltanking, and Evos at Antwerp, Ghent, Amsterdam, and Terneuzen all reported problems with their operational systems.

In February 2022, the loading and unloading systems of the oil businesses Oiltanking and Mabanaft, both of which are owned by the German logistics giant Marquard & Bahls, were compromised by a cyberattack. In response to the attacks, Oiltanking “announced force majeure,” it stated.

A hack that last year disabled some of the operating systems of the world’s largest logistics and freight forwarding company, Expeditors International, was also publicly disclosed. This attack caused months’ worth of global operations to be slowed.


The Play group’s ransomware struck Dutch marine logistics company Royal Dirkzwager, the most recent in a string of attacks on the shipping sector. The CEO of the business, Joan Blaas, who acquired it in October after it declared bankruptcy the previous month, told The Record that the ransomware attack had little impact on business operations but did result in data theft from servers that housed various contracts and individual data.

“It has significantly impacted ours. We had to let go of workers during the past year due to the company’s insolvency, and only some were able to stay. Now that our offices had to be moved, this. That has been a really challenging period, he remarked. Royal Dirkzwager, a company that was founded in 1872, registers more than 200,000 ship movements annually and gives information to more than 800 nautical organizations. With the help of its technology, ports can predict when ships will arrive and what nautical services will be available when they do.

Notify of
1 Expert Comment
Oldest Most Voted
Inline Feedbacks
View all comments
Trevor Dearing
Trevor Dearing , EMEA Director of Critical Infrastructure
InfoSec Expert
March 21, 2023 11:27 am

“The recent attack on Royal Dirkzwager is the latest in a line of attacks on the shipping industry. Similar to the attacks we saw on the Port of Lisbon, it exemplifies the value seen by threat actors in targeting supply chains and vital services to quickly achieve their ransom goals.  

“With attacks like this continually affecting this sector, companies like Royal Dirkzwager, who are already financially struggling, need to adopt a Zero Trust approach not only to limit further damages, but also to reduce costs through prioritising security in vital areas. By segmenting critical assets and only allowing known and verified communication between valuable areas in a business, the impacts of attacks like this can be limited and contained.” 

Last edited 1 month ago by Trevor Dearing

Recent Posts

Would love your thoughts, please comment.x