A ransomware attack has severely disabled the U.S. network of COSCO (China Ocean Shipping Company), one of the world's largest shipping companies.
The firm attributed the effects of the attack to a “local network breakdown” in its press release, however, internal emails read by maritime news Llyod's List and Joc.com revealed the company referred to the incident as a ransomware infection show the company advising employees in other regions not to open suspicious emails.
It is unclear what type of ransomware was used in the attack although industry officials say the attack was most likely caused by SamSam. The incident took place on July 24 and the company's American IT infrastructure including email servers, telephone network, and company website are all affected, according to Bleeping Computer.
The COSCO's U.S. employees resorted to using public Yahoo email accounts to answer customer problems reported via social media while the company's its IT staff perform a sweep of internal networks with antivirus software.
Javvad Malik, security advocate at AlienVault said COSCO was wise to segregate the infected network from the rest of the networks in order to prevent further spread of the malware.
“Ransomware continues to wreak havoc within companies,” Malik said. “It's unclear whether this was a targeted or casual attack, but employees should be trained to be able to recognize suspicious emails and not click on links, or have an easy-to-escalate route where they are unsure as to whether an email is malicious or not”
Malik added that it's also important to have good threat detection and response controls in place so that any attack can be dealt with swiftly and said companies should have a recovery and response plan prepared in advance so that business functions can be resumed quickly.
Bob Noel, Director of Marketing and Strategic Partnerships for Plixer noted the prevalence of phishing attacks as a common mechanism used to spread ransomware.
“All it takes is for a single employee running an unpatched machine to be duped into opening a malicious email, clicking on the wrong link, and the malware is off to the races,” Noel said. “There are several important steps that organizations should be taking to lower their risk.”
Noel went on to say frequent vulnerability assessments and associated patching is important, but the frequency that new patches and updates are releases can be overwhelming. To help combat this issue, organizations should leverage a network traffic analysis platform to monitor all network traffic, looking for known protocol abuses and C2 server traffic associated with ransomware attacks, as well as have a pre-planned response specific to ransomware attacks.
