Fraud Management & Cybercrime , Ransomware
Ransomware Attack Affects 1,000 Vessels WorldwideNorway's DNV Shuts Down IT Servers, Investigates Attack
A ransomware attack shut down servers hosting software used to manage the crewing and maintenance schedules of about 1,000 vessels across the globe.
See Also: Live Webinar | Breaking Down Security Challenges so Your Day Doesn’t Start at 3pm
Norwegian classification society DNV, maker of ShipManager software, says it took the servers offline after detecting a cyber incident on Jan. 7.
Onboard software functionally continues to operate, says DNV, which also sets standards for the construction and operation of ships.
"There are no indications that any other software or data by DNV is affected. The server outage does not impact any other DNV services," the company says. It has contacted Norwegian police.
DNV says more than 7,000 vessels owned by 300 customers use ShipManager.
The attack comes amid mounting concern over the susceptibility of the global supply chain to cyberattacks following Russia's February 2022 invasion of Ukraine and worries about the ripple effects of the war for the world economy. DNV is not attributing the source of its ransomware attack. Most ransomware hackers are avowedly apolitical, lest they complicate extortion payments by causing firms to fret that they're violating U.S. financial sanctions.
Still, for-profit ransomware hacking by mostly Russian ransomware-as-a-service groups and Kremlin priorities often align, not the least since ransomware criminals operate with the forbearance of the state (see: Russia Has Taken No Action to Combat Ransomware, FBI Says).
Operations for global shipping giant A.P. Møller-Maersk were crippled for days in the aftermath of a 2017 ransomware worm the U.S. federal government later said had been the work of Russia intelligence.
A 2022 report on the state of maritime industry cybersecurity found that close to half of more than 200 surveyed industry professionals said their organizations had experienced a cyberattack during the last three years.
So far, the impact of those cyberattacks, including the attack against DNV, are felt by onshore systems rather than onboard ships. Industry experts warn that may change as bandwidth improvements enable a tighter coupling between onshore systems and navigation and other onboard systems.