Ransomware severs 1,000 ships from on-shore servers

Ransomware severs 1,000 ships from on-shore servers

A Norwegian company specializing in maritime risk management faced a ransomware attack on January 7th 2023 that caused its ShipManager software to go offline, resulting in 1,000 ships losing their connection to on-shore servers.

However, DNV (Det Norske Veritas: a maritime shipping giant), the company that developed the software, stated that the affected vessels are not in any danger and can continue to operate normally.

The ShipManager software is a platform used to manage marine fleets, including maintenance, crew, and hull integrity, and is used by over 7,000 vessels belonging to 300 customers, with 1,000 ships belonging to 70 customers being affected by the attack.

DNV is not the only company in the maritime shipping industry to fall victim to a ransomware attack. In 2017, the shipping company Maersk experienced severe disruptions due to a NotPetya attack, which resulted in the company having to rely on WhatsApp messaging on personal devices in order to maintain operations.

Maritime Software Solutions owned by Danaos Management in 2021 also suffered a supply chain attack infecting with ransomware tens of shipping companies and was forced to pay the ransom to get their files unencrypted.

Hacker attacks on the maritime industry are a growing concern as the industry becomes increasingly dependent on technology:

* Ransomware: This type of attack encrypts an organization’s files and demands a ransom to be paid in order to regain access to them. This can have a significant impact on maritime operations, as critical data such as ship routes and cargo manifests may be inaccessible.

* Phishing: This type of attack attempts to trick users into revealing sensitive information, such as login credentials or financial information, by disguising itself as a legitimate email or website. This can be particularly dangerous in the maritime industry, as successful phishing attacks can give hackers access to sensitive information about ship routes, cargo, and other operational data.

* Advanced Persistent Threats (APTs): These are targeted attacks that are designed to gain a foothold on an organization’s network, and then move laterally to gain access to sensitive data. APTs can be particularly dangerous for maritime organizations, as they can remain undetected for long periods of time, giving hackers ample opportunity to steal sensitive information.

* Industrial Control Systems (ICS) attacks: Hackers can target the control systems of ships, ports, and other maritime infrastructure to disrupt operations, steal sensitive data, or cause physical damage.


Recent history however shows that the long-term aftermath of a ransomware attack can have significant consequences for an organization. Some possible long-term effects include:
* Loss of revenue: The disruption of business operations and the loss of access to important data can result in lost sales and reduced productivity, which can have a significant financial impact on an organization.
* Damage to reputation: A ransomware attack can damage an organization’s reputation, particularly if sensitive information is compromised or if the attack results in a prolonged disruption of services.
* Compliance violations: Ransomware attacks can result in sensitive data being compromised, which can result in non-compliance with industry regulations (such as HIPAA for healthcare or PCI-DSS for credit card transactions) and large fines.
* Long-term IT costs: Organizations may incur additional IT costs to recover from the attack, such as hiring consultants to help with data recovery and system restoration, purchasing new software, and updating security measures.
* Cyber insurance: Organizations may need to invest in cyber insurance to protect against future attacks and to provide financial compensation in case of an incident.
Recovering from disaster:
Virtual machines (VMs) are a critical aspect of cybersecurity because they provide a way to isolate different parts of an organization’s IT infrastructure, reducing the risk of a cyber attack spreading throughout the entire network.
Here are the the key benefits:
* Isolation: Virtual machines allow organizations to create isolated environments for different parts of their IT infrastructure, such as web servers, databases, and development environments. This helps to reduce the risk of a cyber attack spreading throughout the entire network.
* Testing and development: Virtual machines allow organizations to create test environments that closely resemble production systems, which makes it easier to test software and identify potential issues before they are deployed in a live environment.
* Flexibility: Virtual machines can be easily created, configured, and deleted, which makes it easy to adapt to changing business needs.
* Cost-effective: Virtual machines can be more cost-effective than physical servers, as they can be easily scaled up or down as needed.
* Backup and disaster recovery: Virtual machines can be easily backed up, and can be quickly restored in case of a disaster or cyber attack, helping organizations to minimize the impact of any disruption.
* Compliance: Virtual machines can help organizations meet compliance requirements by providing an extra layer of security to their IT infrastructure.

START TODAY, download Microsoft’s free Hyper-V platform on which you can host your Virtual Machines benefiting all of the above.

Download Hyper-V Server 2019 (free) from Microsoft’s site:
Video on how to install the Hyper-V Server as a hypervisor:
How to install instructions:
Interested for a Hyper-V Server 2022 (need license), see below:
How to backup your Hyper-V (even for free) and protect/isolate from hackers: