It's on us. Share your news here.

Japan’s Largest Port and Critical Toyota Shipping Hub Blocked Due to Cyberattack

Posted on July 12, 2023

Nagoya Port, which handles some 200 million tons of cargo every year, mainly related to the automotive industry, has suspended operations after a cyberattack targeted critical systems.

The Nagoya Port Unified Terminal System was hit by a ransomware attack on July 4, so the Nagoya Harbor Transportation Association decided to suspend all operations related to moving containers at the port until the issue is resolved.

The port is one of Toyota‘s main shipping hubs, as the Japanese carmaker relies on this location to import parts and export vehicles to international markets.

The association has already reported the incident to the police, but no further information on the investigation is currently available. The ransomware attack is believed to have restricted access to critical systems in charge of moving containers, so suspending the operations in this department was the only option. The association claims all systems should be up and running again by July 6.

ransomware attack typically relies on a malicious payload deployed on a vulnerable system, restricting access to the computer and requiring a ransom for the decryption key. Hackers hold the decryption key but are willing to provide it to the owner in exchange for a ransom, typically paid in cryptocurrency.

Without paying, the only way to reclaim access to the infected computer is to restore the locked files. The method involves restoring backups, as long as they are available, though the process requires time, sometimes causing massive disruption in the operations of the affected parties.

It’s unclear at this point how severe the impact currently is in the case of Nagoya Port, but Toyota is unlikely to experience any substantial delays due to the downtime. However, given containers can’t be moved out of the port, trailers are currently sitting near the port, waiting for all systems to be restored.

The association did not provide any information on how the ransomware infected vulnerable systems. No hacking group has claimed the attack so far, but the port has previously been the target of similar attempts.

According to the local media, hackers managed to reach out to the association using a message submitted to a printer, confirming the ransomware attack and asking for a ransom. The port’s employees eventually noticed the issue when trying to start a computer, but the access was locked due to the infection. It’s unclear at this point if the association created backups of the infected computers or if it plans to pay the ransom to obtain the decryption key from the hacker group. More information should be offered when operations resume on Thursday.

Last year, Russia-linked hacking group Killnet launched a DDoS attack, causing the port’s website to go down. However, the port’s operations were unaffected. 

Source

It's on us. Share your news here.
Submit Your News Today

Join Our
Newsletter
Click to Subscribe