14 Dec Are ransomware, virus and worms used to hack ships specifically designed for that purpose?
Nowadays ships have local area networks (and servers) to share documents, emails and other special maritime software. There two ways for a virus to reach a ship. Via email, fortunately satellite providers that deliver emails do perform various scans, but there might be a loophole somewhere.
The crew however have also personal laptops that sometimes connect to the local network or share with each other files using a USB stick. A person like a surveyor visiting the ship might also carry malware on his USB stick.
It’s still difficult and expensive to remote to a ship and update antivirus or set policies. Sometimes Shipping companies buy a ship having already their computer infected. That ship can run on a tight schedule with minimum time on a port, making it impossible for an IT engineer to visit her and clean/check PCs.
Don’t forget that satellites have a specific bandwidth that can provide to a ship over a specific region (similar to the limitations of a mobile/cellular antenna) or a ship can be in a shipyard with interferences from metal structures blocking internet access.
Other times it’s difficult to communicate in English with crew as their language skills are to a basic standard.
We (as we do provide services and software to maritime companies) had to come up with different approaches to solving this problem. We install antivirus software that can be off line updated using a CD. We also prefer to setup Linux workstations that connect to a central location via RDP on a server, thus minimizing risks and making control and backup easier. Even removal of USB ports wherever possible or installing USB lock devices.
So far we had many cases of infections that could be handled one way or another.
Fortunately no specific targeted ransomware case.
Shipping companies’ offices however are specifically targeted via ransomware and fake payment emails via their suppliers. We had cases with clients being victims of cyber criminals pretending to be a vendor/suppler sending fake banking details and managing to get real money out of their accounting departments.
So far no targeted attack on a ship, but we believe it’s a matter of time…
Cyber criminals are one step ahead from us IT engineers. It’s a billion USD business per year. So they will find a way to get through.
So training is the best remedy. Keep your crew educated with written instructions or video presentations on how to protect themselves.