Written by Walter Hannemann, Product Manager | 09 July 2019
Everyone dealing with cybersecurity, even if remotely, has heard about ransomware. It's a big crime business.
According to Cybersecurity Ventures, ransomware damages are predicted to reach $11.5 billion in 2019. A new organisation falls victim to ransomware every 14 seconds this year – and every 11 seconds by 2021.
In other words, by the time you’re finished reading this article, approximately 17 companies have been attacked by ransomware. You do not want to be one of them. Read on to learn why taking the necessary steps to protect your ships from ransomware is business critical.
Very simply put, ransomware encrypts data on a computer system or computer files until a ransom has been paid. Unless the ransom is paid, there are usually no other means of recovering the hijacked data. And it might come with additional malware, left active even if a ransom is paid.
Software to unleash a ransomware attack can be easily bought and customised, which is attractive to both sophisticated cybercriminals and novice ones.
The infamous NotPetya ransomware, which took down Maersk’s systems for 10 days, was an industry wake-up call and demonstrated that cyber attacks could cripple a company’s operations.
Ships, too, are impacted by ransomware – sometimes directly, sometimes via backend systems and servers used by ships while at sea. BIMCO’s 2018 report Guidelines on Cyber Security Onboard Ships details several cases of ransomware infections occurring in the maritime industry.
In one case, a shipowner reported two ransomware incidents, both caused by third-party access:
A shipowner reported that the company's business networks were infected with ransomware, apparently from an email attachment. The source of the ransomware was from two unwitting ship agents, in separate ports, and on separate occasions. Ships were also affected but the damage was limited to the business networks, while navigation and ship operations were unaffected. In one case, the owner paid the ransom.
In another, the cause of the infection wasn't interaction with shipping ports, but the company’s inadequate password policy:
A ransomware infection on the main application server of the ship caused complete disruption of the IT infrastructure. The ransomware encrypted every critical file on the server and as a result, sensitive data were lost, and applications needed for ship's administrative operations were unusable. The incident was reoccurring even after complete restoration of the application server. The root cause of the infection was poor password policy that allowed attackers to brute force remote management services successfully. The company's IT department deactivated the undocumented user and enforced a strong password policy on the ship's systems to remediate the incident.
Ransomware spreads like most other malware, and the usual countermeasures are the same. But one method is particularly effective: blocking the ransomware's ability to contact its C&C server (the command and control server that instructs the malware on what to do). This is done by using DNS filtering services.
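To make the DNS filtering idea concrete, here is an added example (not from the original article or any Dualog product) of the decision a filtering resolver makes for each query, run over constructed log lines. The blocklist entries, log format and IP addresses are assumptions that use reserved test names, not real indicators.

```python
# Added example: DNS filtering decision over constructed resolver log lines.
# Domains use reserved test names (.example / .test); none are real indicators.

BLOCKLIST = {"c2-panel.example", "payload-cdn.test"}  # constructed entries

def normalize(qname):
    """Lower-case and drop the trailing root dot so 'Evil.Example.' matches."""
    return qname.strip().rstrip(".").lower()

def blocked_by(qname, blocklist=BLOCKLIST):
    """Return the blocklist entry covering qname, or None.

    Matching walks the name label by label, so 'a.b.c2-panel.example' is
    covered by 'c2-panel.example' but 'notc2-panel.example' is not.
    """
    labels = normalize(qname).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in blocklist:
            return candidate
    return None

def filter_queries(log_lines, blocklist=BLOCKLIST):
    """Parse 'timestamp client_ip qname qtype' lines; return (allowed, alerts)."""
    allowed, alerts = [], {}
    for line in log_lines:
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        ts, client, qname, _qtype = parts
        rule = blocked_by(qname, blocklist)
        if rule is None:
            allowed.append(normalize(qname))
        else:
            # A filtering resolver would refuse or sinkhole this answer; the
            # querying host is recorded because it may be infected.
            alerts.setdefault(client, []).append((ts, normalize(qname), rule))
    return allowed, alerts

SAMPLE_LOG = [  # constructed sample data
    "2019-07-09T10:00:01Z 10.0.5.21 weather.example A",
    "2019-07-09T10:00:04Z 10.0.5.34 Beacon.C2-Panel.Example. A",
    "2019-07-09T10:00:09Z 10.0.5.21 notc2-panel.example A",
    "2019-07-09T10:00:12Z 10.0.5.34 payload-cdn.test AAAA",
    "truncated line",
]

if __name__ == "__main__":
    allowed, alerts = filter_queries(SAMPLE_LOG)
    for client, hits in alerts.items():
        print(client, "blocked:", [h[1] for h in hits])
```

The alerts matter as much as the block itself: a host that keeps asking for a blocked name is a candidate for isolation and investigation.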
No cybersecurity tools and strategies provide 100% protection. In case of a ransomware incident, one recovery option is paying ransom, but we don’t want to do that. Paying ransom is no guarantee of having the data back and only fuels the malware industry.
The most important thing you can do is make sure you are able to restore your systems and data from a secure, updated, offline backup. Technical countermeasures and awareness training are essential, but having good infrastructure with proper disaster recovery plans goes a long way towards protecting your data.
OT systems, which are vital to safe navigation and operation, should have backup systems to enable your ship to quickly and safely regain navigational and operational capabilities after a cyber incident.
Having a vessel (or several) out of operation is costly for you as a shipping company. The downtime, while systems are being restored following an attack, represents lost revenue and increases personnel cost. Security and IT personnel get diverted from their regular duties, resulting in lost productivity and a backlog of work.
Furthermore, a ransomware attack can tarnish your company’s reputation, potentially turning off charterers and cargo owners.
Looking beyond figures and brand reputation, a ransomware attack may also put cargo, crew and even the ship itself in harm’s way – ultimately posing a risk to your very business.
Hence, protecting your ships from ransomware is not only important but vital.
Walter Hannemann started his career in a computer factory product development laboratory in 1983, while taking his education in Electronics and Information Systems. Since then, his jobs have involved software architecture and development, infrastructure design and overall IT management, in both large enterprises and startups. With a passion for “making things work”, shipping applications and all digital things onboard ships became his interest after joining Maersk in 2008. Managing IT in large companies like Maersk Tankers and Torm has given him insider’s knowledge of the shipping industry and spurred his entrepreneurial drive to help move the industry into the digital future. Based in Copenhagen as Product Manager for Dualog, Walter enjoys finding solutions for big (and small) problems while keeping the overview and a forward-looking approach, with deep dives in technical subjects when necessary – or possible.