[Security Weekly] Shipping Giant CMA CGM Goes Offline Following Ragnar Locker Ransomware Attack
1st Week of October 2020
1. Shipping giant CMA CGM goes offline after hit by Ragnar Locker ransomware
CMA CGM S.A., one of the world’s big four shipping companies along with Maersk Line, MSC, and COSCO Shipping, disclosed a ransomware incident that affected some of its peripheral network servers, forcing it to disconnect its network.
With over 700 offices in more than 160 countries, CMA CGM’s Chinese offices in Shanghai, Shenzhen, and Guangzhou were directly infected by the ransomware. The company immediately cut down its internet access to prevent the ransomware from spreading to the rest of the global network. As a result, all online booking services and operation requests were shut down. Customers were asked to contact their nearest local office for bookings and inquiries. Despite the ports and vessels remaining functional, loading procedures were also partially impacted.
According to sources at Lloyd’s List, the attackers, who happen to be operators of the Ragnar Locker ransomware, asked CMA CGM to pay the ransom within two days in exchange for the decryption key.
All of the big four shipping giants have now been a victim of ransomware attacks. Maersk Line was hit by ransomware in 2017, followed by COSCO Shipping in 2018, and MSC in 2020. Indeed, ransomware has become one of the most prominent threats for large enterprises, signaling the importance of database encryption. To learn more about the benefits of database encryption, click here.
2. Universal Health Services shut down hospitals following Ryuk ransomware attack
Universal Health Services (UHS), a Fortune 500 company operating more than 400 hospitals in the US and UK, suffered a ransomware attack that caused a number of hospitals to shut off their IT systems and redirect patients to nearby hospitals.
The attack happened at dawn on September 27, forcing many hospitals in California, Texas, Florida, North Carolina, Arizona, and Washington D.C to shut down their entire IT systems. Not only were outpatients turned away, many inpatients were not able to receive their medicine on time as the nurses could not pull out the medical records stored in the computers. Everything had to be handwritten.
Even though UHS did not disclose the details of the attack, its employees on Reddit provided additional information on the incident. Employees revealed that at the time of the attack, a ransom note was shown on the screen of their computers after a forced restart. Soon later, all IT systems were shut down and employees were told to keep them offline, presumably to prevent the ransomware from spreading further.
According to the employees’ information, the attackers appeared to be the Ryuk ransomware family. As of now, the exact number of hospitals impacted is still unclear.
3. Cryptocurrency exchange KuCoin loses $150 million to hackers
On September 26, Singapore-based cryptocurrency exchange KuCoin noticed large amounts of suspicious withdrawals, and later discovered that the private keys of its crypto wallets were exposed to hackers, leading to a massive loss of at least $150 million. Stolen coins included Bitcoin, Ethereum, Litecoin, Tron, and others.
KuCoin’s CEO Johnny Lyu disclosed in a statement on the same day, confirming that tokens including Bitcoin and ERC-20 stored in its hot wallets were emptied by attackers. Like other cryptocurrency exchanges, KuCoin uses hot wallets to temporarily store assets that are being exchanged. Fortunately, cold wallets were not affected by the hack.
The company froze all transactions to prevent any additional leakage of funds, and reassured its users that all lost funds would be reimbursed by their insurance policy.
Check out Penta Security’s product lines:
Web Application Firewall: WAPPLES
Database Encryption: D’Amo
Identity and Access Management: ISign+
Car, Energy, Factory, City Solutions: Penta IoT Security