In a significant development, Japan’s largest port by cargo throughput, the Port of Nagoya, has suffered a significant cybersecurity incident. Suspected to be the result of a crippling ransomware attack, Nagoya Port cyber attack has stalled cargo operations and sparked a thorough police investigation.
At the time of publishing the report, the official website of the Nagoya Port, which had experienced a cyber attack, was accessible.
According to the Japan Harbor and Transportation Association (JHTA), a system failure occurred around 6:30 am on 4 June, and it became impossible to move in and out of the container.
Reports indicate, the Harbor Transport Association hopes to restore the system by 6:00 pm Tokyo time on the June 5, and resume loading and unloading containers from the morning of the June 6, 2023.
The Nagoya Port Cyber Attack in Detail
The Port of Nagoya, responsible for approximately 10% of Japan’s total trade volume and a key hub for Toyota Motor Corporation’s car exports, first experienced system failure on Tuesday morning.
An employee noticed the issue when they could not start a computer, according to the Nagoya Port Authority.
Soon after, a message indicating a ransomware infection was sent to a printer, suggesting the network’s infiltration by cybercriminals, reported Nikkei Asia.
The authorities have received a ransom demand for system recovery, pointing towards an orchestrated cyberattack, said the report.
According to a report by a Japanese media house, LockBit is the suspected ransomware actor behind the incident.
The Nagoya Port Ransomware Attack: Part of a Larger Trend?
The Port of Nagoya cyber attack is the latest in a growing trend of ransomware attacks on port infrastructure. Nagoya itself was in the cybersecurity news recently for a similar incident.
In September 2022, pro-Russia hacker group Killnet claimed responsibility for a cyber attack on the Port of Nagoya and several other Japanese websites.
The attacks, suspected to be distributed denial-of-service (DDoS) attacks, involved flooding computer systems with massive amounts of data to temporarily paralyze them.
Killnet later released a video on Telegram stating that the attacks were a “declaration of war” on the Japanese government.
Last Christmas, Portugal’s Port of Lisbon faced a similar ordeal, as did India’s busiest container port, Jawaharlal Nehru Port Trust, last year.
In 2021, South Africa’s port and rail company was a target of ransomware attacks, linked to groups from Eastern Europe and Russia.
This Nagoya port cyber attack mirrors a common pattern of double extortion.
Cybersecurity firm Blackpanda’s Japan managing director, David Suzuki, explained that this involves demanding a ransom for the recovery of stolen information and preventing its publication.
Immediate Impact of the Nagoya Port Cyber Attack
Despite the system glitch, the port operator has expressed its intent to resume operations on Thursday morning.
Toyota Motor Corp., the world’s biggest carmaker, assured that the attack wouldn’t affect new car shipments.
However, imported and exported parts cannot be loaded or unloaded at the port until the problem is resolved, with no immediate impact on production.
This cyber attack follows a Distributed Denial-of-Service (DDoS) attack on the port’s website by the pro-Russian group Killnet on September 6, 2022, which rendered the site unreachable for about 40 minutes.
Looking Ahead: Lessons from the Port of Nagoya Ransomware Attack
The Nagoya Port cyber attack serves as a stark reminder of the increasing vulnerability of our digital infrastructure.
NTT Corp.’s chief cybersecurity strategist, Mihoko Matsubara, stressed the importance of timely software updates and patches in preventing such breaches, accounting for 80% of ransomware attacks in Japan.
As Asian ports progressively automate and move away from paper documentation, protecting against cyber threats becomes paramount.
It’s a high-stakes task for the authorities to restore the “Nagoya Port Unified Terminal System” (NUTS) — the central system controlling all container terminals at the port, and maintain the circulation of goods, a lifeline for Japan’s economy.
The identity of the threat actor behind the Port of Nagoya ransomware attack remains unknown. Still, its implications reverberate across the global shipping industry, emphasizing the urgent need for robust cybersecurity measures.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.