UPDATE: Sept. 30, 2020: CMA CGM, a major ocean carrier, said it believes a malware attack resulted in the unintended release of the company's data, according to a statement on Twitter Wednesday. "We suspect a data breach and are doing everything possible to assess its potential volume and nature," the company wrote.
Access to CMA CGM's e-commerce application was still down Wednesday. But the carrier put out a statement saying that its communications are secure including emails, transmitted files and electronic data interchange interfaces.
"Today, the back-offices (Shared Services Centers) are gradually being reconnected to the network thus improving the bookings’ and documentation’s processing times," the carrier said in a statement Wednesday. "We suspect a data breach and are doing everything possible to assess its potential volume and nature."
CMA CGM is directing shippers to the INTTRA portal for bookings but said filling out a manual form is another alternative.
Dive Brief:
- External access to CMA CGM's information technology applications was unavailable early Monday morning as the carrier dealt with a cyberattack, the France-based company said on Twitter.
- The attack affected CMA CGM's "peripheral servers," it said. "As soon as the security breach was detected, external access to applications was interrupted to prevent the malware from spreading."
- Ceva Logistics, a CMA CGM subsidiary, was not affected. The carrier is accepting booking and operations requests, but told shippers to contact their "local agency."
Dive Insight:
CMA CGM said an investigation is underway with internal and external experts. It also said access to its systems was "gradually resuming."
The attack was caused by ransomware known as Ragnar Locker, according to Lars Jensen, the head of consulting at Sea-Intelligence, who cited Lloyds List in a LinkedIn post Monday.
Jensen also shared a screenshot from a CMA CGM computer showing the warning the attack. It said the user's data was encrypted and it would need to pay for a decryption key.
The outage occurs as ocean shipping peak season is in full swing with trade between the U.S. and China surging. But carrier volume has been hit throughout the year due to the pandemic. CMA CGM's volume was down more than 13% YoY in the Q2, the carrier announced this month.
This is the second cyberattack to bring down the systems of a major shipping line this year. In April, a malware attack brought down MSC's website and MyMSC. MSC has its systems back up and running within five days of confirming the attack.
Large cyberattacks also affected COSCO in 2018 and Maersk in 2017. The attack against Maersk was especially catastrophic as it affected port, deport and terminal operations, costing the company up to $300 million.
One way shippers can help protect themselves from cyberattacks on carriers is to ask forwarders and carriers about their cybersecurity protocols and what their plans are, should one occur, according to Subodha Kumar, professor of marketing and supply chain management at Temple University's Fox School of Business.