CMA CGM suspects data breach in recent cyber attack

CMA CGM is still working on restoring its information systems after suffering a cyber attack on Monday 28 September. The shipping company has now said it suspects a data breach and a team is doing everything possible to assess its potential volume and nature.

On Wednesday, the back-offices (Shared Services Centers) were gradually being reconnected to the network to improve the bookings’ and documentation’s processing times. Today, 1 October, the APL and ANL websites are still down.

Ragnar Locker

An official from the shipping company has confirmed to Lloyd’s List that the company was hit by so-called Ragnar Locker ransomware. This ransomware first appeared about 6 months ago and is distributed via e-mail attachments and advertisements. Files of infected systems can no longer be opened, extensions are changed and a ransom message is generated automatically. Hackers also try to get hold of sensitive information via the malware.

The company has said the malware ‘was able to be rapidly isolated and all necessary protection measures implemented’. In addition, CMA CGM stresses that all communications to and from the CMA CGM Group are secure, including emails, transmitted files and electronic data interfaces (EDI). Maritime and port operations are functioning as per usual as well.

The shipping company does now suspect, however, that hackers got hold of company data. CMA CGM’s technical teams, alongside independent experts, are continuing an investigation into the attack.

Top four container carriers all suffer attacks

With the attack on CMA CGM, fourth in the world rankings, all 4 major container carriers have now fallen victim to massive cyber attacks in the space of a few years. The previous victim was MSC, the number 2, whose website and customer platform was down for days in April this year.

2 years ago, the American branch of China’s number 3 Cosco was also hit, causing the network in the US to be shut down for a few days. The extent of the damage caused by that attack fell far short of the almost worldwide infection of list leader Maersk with the NotPetya virus a year earlier. It cost the group hundreds of millions, partly due to the failure of container terminals and the need to replace software and hardware on a large scale.

Author: Mariska Buitendijk

Mariska Buitendijk is one of SWZ|Maritime's journalists as well as the magazine's copy editor.