Cosco Shipping Victim of Ransomware Attack
The Chinese shipping firm, Cosco Shipping, was just hit with a Windows ransomware virus attack. The attack has caused many of their electronic communications at several North American locations to be inoperable. The breach happened within the last 24 hours and they have been working continuously to restore their functions.
Cosco Shipping is a part of China Ocean Shipping company. It’s the largest carrier of containerized goods in China and the fourth largest in the world. They operate heavily in the United States and most major ports in the world.
Most US Communication Down
Cosco’s US website, email, and many phone lines have been inoperable since the attack. This has forced the company to attempt to maintain communication via twitter and free yahoo email accounts. According to their Facebook page, the rest of their global operation seems to be operating normally.
All of their vessels are functioning at a normal capacity and are still expected to make all of their deliveries; albeit delayed.
Expected Full and Quick Recovery
According to CoscoShipping, they have slowed operations in the US in order to ensure safety and protection for their clients. There is no timeline given as to when they will be at full functioning capacity again.
It’s unclear what kind of Windows malware infected the company. However, Cosco claims that they are expected to make a “full and quick recovery”.
What is Ransomware?
Ransomware is a type of malware virus where the attackers seize control over your data and will issue a ransom to you in order to have it retrieved. Ransomware is very difficult to prevent against and can cause significant damage. Viruses like this only comes into the organization through user error; someone opening up an infected email or visiting an affected web page being the most common methods.
Last year, Maersk shipping was also the victim of a ransomware attack. They were infected by the Wannacry ransomware virus. The attack forced them to shut it’s facilities at the Port of Los Angeles for three days to clean up the virus.
How can you protect against Ransomware?
Ransomware is a form of malware virus and it’s very difficult to prevent against. As mentioned above, ransomware enters an organization through user error. One of the most common ways is through infected emails. Many of these emails are nearly identical to normal emails an employee will receive. For example, some emails will appear as if they came from someone within the organization and seem relatively normal. Upon opening that email the virus is then released.
The first line of defense is training staff on how to detect and avoid suspicious emails and web pages.
Second, your organization needs to be having consistent and frequent backups and replications made. This will allow your organization to have your data and systems backed up and copied. This way if you are the victim of a ransomware attack you can easily restore your systems, not have to pay a ransom and minimize downtime.
Finally, Sophos Intercept X is the only product on the market that helps to prevent ransomware attacks. It’s a machine learning program that works to anticipate and prevent the attacks as they come in. It’s surprisingly cheap at around $3 a user monthly.