ONE of the outcomes of the Covid-19 pandemic on working practices globally has been the increasing reliance on digital systems in order to do business. But what this has exposed is a vulnerability to attacks by cyber criminals using sophisticated ransomware to blackmail businesses by stealing their access to their own data.

At the beginning of last week, the world’s fourth-biggest container company, CMA CGM, was the victim of a cyber attack by hackers using Ragnar Locker ransomware. Despite initial denials that the incident had taken place, the company later confirmed that it had taken its network offline to prevent the malware spreading further.

The lack of information from CMA CGM following the incident led to complaints from customers speaking to Lloyd’s List that they had to revert to manual processes for bookings and were concerned that existing bookings were not being loaded and shipped.

Systems were gradually being brought back online throughout the week, but the company warned that it suspected the theft of data from its systems had taken place.

The incident with CMA CGM is not a new threat to the shipping industry and follows other high-profile attacks on Mediterranean Shipping Co over the Easter weekend earlier this year, Cosco Shipping in mid-2018 and Danish carrier Maersk the year before.

What appears to have changed now is the targeted nature and frequency of the ransomware attacks, as well as emboldened groups using increasingly advanced malware.

Just three days after the attack on CMA CGM, the International Maritime Organization, which itself has been urging companies to act on cyber risks ahead of new legislation coming into force at the start of next year, was similarly hit by hackers, making its website and internal intranet services unavailable.

This was not the first time the UN agency had been attacked, but it is the most serious and access to systems and communications are still only gradually restored.

It also emerged in the past few days that Danish logistics company Blue Water Shipping was targeted last month, ahead of the CMA CGM and IMO attacks, but fortunately they, together with external security specialists, were able to repel several attempts to penetrate their systems.

Shipping has undoubtedly been slow to heed the warnings of cyber crime but it desperately now needs to speed up progress or potentially face crippling financial losses as well as the trust of customers.

Insurers and lawyers told Lloyd’s List last week that shipowners need to be aware that such crimes will not normally be covered by hull and machinery policies, most of which include an explicit exclusion clause, with insurers simply needing to show that system vulnerability was exploited with malicious intent.

However, perhaps the starkest warning and call to act was delivered in two advisories by the US Treasury Department’s Office of Foreign Assets Control (Ofac) and Financial Crimes Enforcement Network (FinCEN) late last week.

The documents highlighted the dangers of vulnerable systems and the potential for shipping companies, and others, to fall foul of US sanctions rules.

They explicitly explained that companies must make every effort to detect and report ransomware attackers, as well as assist in holding them accountable for their crimes. If they comply with demands, they may also find themselves in trouble.

“Companies that facilitate ransomware payments to cyber actors on behalf of victims, including financial institutions, cyber insurance firms, and companies involved in digital forensics and incident response, not only encourage future ransomware payment demands but also may risk violating Ofac regulations,” the Treasury said.

The US government agency has already showed it is not afraid to flex its muscles to counter sanctions violations on the transport of energy products from Iran and Venezuela, and this may also turn out to be the first shot across the bow on cyber crime violations as well.

Read more about shipping's path to digitalisation in our special hot topic section.