The French carrier was asked by hackers using the Ragnar Locker ransomware to contact them within two days ‘via live chat and pay for the special decryption key’. No ransom price has been named yet.
After initially claiming the company’s booking system was disabled by ‘an internal IT infrastructure issue’, CMA CGM has now confirmed it was hit with a ransomware attack. Several of its Chinese offices were affected, but the container line says it has shut down its network to prevent the spread of malware.
CMA CGM, the French container line, is working to reverse the impact of a ransomware attack that has shut down many of its online services.
The cyber attack was launched using Ragnar Locker, a data encryption malware that has affected companies elsewhere. It is similar to an incident involving Portuguese energy firm EDP Renewables earlier this year.
In an email sent on Sunday and seen by Lloyd’s List (below), the hacker requested the French carrier to contact it within two days “via live chat and pay for the special decryption key”.
The exact price was not disclosed.
In a customer advisory, CMA CGM said the websites of the company and its two subsidiaries — ANL and CNC — had become unavailable alongside its IT applications “due to an internal IT infrastructure issue”.
Staff in Europe have been told not to use any company IT equipment, according to sources.
CMA CGM initially denied it had been hit by a cyber attack. However, vice-president Joël Gentil has now confirmed a security breach.
“The CMA CGM group, excluding CEVA Logistics, is currently dealing with a cyber attack on peripheral servers,” he said. “Now that we have identified this problem, we have interupted the access to our system to prevent the malware from spreading. Now our information system is resuming.”
He said the container line’s network remained open for bookings.
“We are progressively resuming connectivity so in some instances bookings can be taken online, but where customers cannot get online they can call their local offices. The situation is coming back to normal. It will take a few hours.”
An investigation was now under way into how the systems were infected.
The company said further information would be issued later.
Industry sources said services run by the container line at a number of Chinese offices, including Shanghai, Shenzhen and Guangzhou, had been disrupted.
“It seems the booking system is down,” said one container terminal manager at the port of Shanghai. “Cargo loading could be affected.”
Hong Kong port sources said CMA CGM’s operations both at the container terminal and on its vessels are normal.
CMA CGM has a joint venture with PSA, CMA CGM-PSA Lion Terminal, that operates four mega container berths at Singapore’s Pasir Panjang terminals.
PSA declined to comment on operations at the terminal.
The Ragnar Locker attack would make CMA CGM the fourth major container shipping carrier known to have fallen victim to such a major cyber incident.
In July 2018, Chinese giant Cosco Shipping was hit by a cyber attack that disabled its IT systems in the US.
Maersk Line sustained a severe blow from a ransomware attack in 2017, which cost the Danish carrier up to $300m.
Mediterranean Shipping Co suffered a shutdown from a cyber attack earlier this year.