COSCO Shipping North America Hit by Ransomware Attack

Delaware, USA ā€“ July 26, 2018 ā€“ The North American division of the Chinese shipping giant COSCO suffered from a massive ransomware attack. The company has not yet shared the details of which ransomware strain ‘paralyzed’ the network. At the moment the COSCO network in North America is disconnected from the company’s networks in other regions, and the investigation continues. The incident occurred on Tuesday, July 24, affecting the infrastructure that hosts the website, phone and email systems, as well as VPN and WAN gateways. COSCO employees respond to users’ requests through social networks and Yahoo email. Representatives of the company claim that other regions were not affected and business operations in North America are still being carried out. Even though the remediation is still ongoing, it can be said that the aftermath of this cyber attack is significantly less than the result of the NotPetya outbreak for another shipping giant, MAERSK. Last year, the whole network of the company affected during the attack, the recovery took ten days and the attack cost MAERSK over $300 million.

After a silence at the beginning of the year, by the summer the attackers returned to large-scale ransomware attacks on organizations: a devastating attack on a Chilean bank, attacks on MGM Hospital and LabCorp. Failure to detect and prevent ransomware disrupts operations for weeks and rapidly ramps up the financial losses. Attackers use targeted phishing, RDP brute forcing and social engineering to infect whole networks. Ransomware Hunter helps organizations to achieve high detection rates at minimal costs providing detection and automatic alerting capabilities at every stage of the Cyber Kill Chain.