Ransomware Attack Hits Japan’s Biggest Port, Disrupting Cargo Shipments

Japan’s biggest maritime port was crippled by an alleged Russian cyberattack, disrupting cargo as operators rushed to prevent a wider delay in shipments.

Ransomware — used by hackers to lock access to files or systems unless a payment is made — caused a container terminal at the Port of Nagoya in Aichi Prefecture to suffer an outage Tuesday morning, the Nagoya Harbor Transportation Authority said Wednesday. The authority said operations are expected to resume Thursday at 8:30 a.m. local time.

As more Asian ports automate and move away from paper documentation, hackers pose a growing problem to the region’s shipping networks. Cyber criminals have been targeting European ports in recent years, with pro-Russia groups claiming responsibility for an attack on one of the continent’s biggest ports just last month.

The Nagoya port authority said Russia-based ransomware group Lockbit 3.0 was responsible for the hack, Kyodo News reported Wednesday. Ransomware attackers tend to target vulnerabilities in VPNs and remote desktop protocols, said Mihoko Matsubara, NTT Corp.’s chief cybersecurity strategist. She said such breaches account for 80% of ransomware attacks in Japan.

“Its crucial for companies to update or patch software they use for their business operations,” Matsubara said.

Nagoya is one of several ports globally to be recently targeted by malware. Last Christmas, hackers broke into the computer systems at Portugal’s Port of Lisbon, holding up operations for days. Jawaharlal Nehru Port Trust, India’s busiest container port, also suffered a ransomware attack last year. In 2021, South Africa’s port and rail company was targeted with a strain of ransomware that cybersecurity experts have linked to groups in Eastern Europe and Russia.

Recent data breaches often involve “double extortion” in which a ransom is demanded for the recovery of stolen information as well as keeping it from being published, said David Suzuki, Japan managing director of Blackpanda, a Singapore-based cybersecurity firm.

Toyota Motor Corp., the world’s biggest carmaker by units sold, said the attack in Nagoya on Tuesday won’t affect the shipment of new cars yet, but imported and exported parts cannot be loaded or unloaded at the port until the problem is resolved. Currently there is no impact on production, a spokesperson said.

Authorities in Japan say such attacks are on the rise. Last year, a cyberattack on one of Toyota’s suppliers in Aichi Prefecture forced it to halt operations at 14 factories.

–With assistance from Grace Huang.

Photograph: Suzuki Motor Corp. vehicles bound for shipment sit behind a fence at the Nagoya Port, Aichi Prefecture, Japan, on Monday, Aug. 24, 2020. Photo credit: Toru Hanai/Bloomberg