In September 2021, **CMA CGM**, a France-based global shipping and logistics giant, fell victim to a **cyber-attack involving Ragnar Locker ransomware**. The attackers infiltrated the company’s network, **stole and encrypted customer data**, and demanded a ransom. To contain the breach, CMA CGM **disconnected its global network from the internet**, halting all **online booking services, operational requests, and partially disrupting port and vessel operations**. Customers were forced to rely on local offices for bookings and inquiries, causing significant operational delays.

After the company **refused to pay the ransom**, the hackers **leaked all stolen data**, exacerbating the impact. The attack not only compromised **sensitive customer information** but also **crippled critical business functions**, leading to financial losses, reputational damage, and logistical chaos across its global supply chain. The incident highlighted vulnerabilities in maritime cybersecurity and the severe consequences of ransomware attacks on large-scale industrial operations.
Source: Attack
TPRM report: https://www.rankiteo.com/company/cma-cgm
"id": "cma330092125",
"linkid": "cma-cgm",
"type": "Ransomware",
"date": "9/2021",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"
{'affected_entities': [{'customers_affected': True,
                        'industry': ['shipping', 'logistics', 'maritime'],
                        'location': 'France (global operations)',
                        'name': 'CMA CGM',
                        'type': 'company'}],
 'attack_vector': 'ransomware (Ragnar Locker)',
 'customer_advisories': ['customers advised to contact local offices for '
                         'bookings/inquiries'],
 'data_breach': {'data_encryption': True,
                 'data_exfiltration': True,
                 'type_of_data_compromised': ['customer data']},
 'date_detected': '2021-09',
 'description': 'In September 2021, France-based CMA CGM experienced a '
                'cyber-attack on their network involving hacking and '
                'ransomware. The hackers used Ragnar Locker ransomware to '
                'steal and encrypt customer data. The company shut down '
                'internet access to prevent further spread, disrupting online '
                'booking services, operational requests, and partially '
                'impacting ports and vessels. After refusing to pay the '
                'ransom, all stolen data was leaked.',
 'impact': {'data_compromised': ['customer data'],
            'downtime': True,
            'operational_impact': ['disruption of booking services',
                                   'partial disruption of ports and vessels',
                                   'customers redirected to local offices'],
            'systems_affected': ['online booking services',
                                 'operational request systems',
                                 'ports (partial)',
                                 'vessels (partial)']},
 'initial_access_broker': {'data_sold_on_dark_web': True},
 'motivation': ['financial gain', 'data theft'],
 'ransomware': {'data_encryption': True,
                'data_exfiltration': True,
                'ransom_demanded': True,
                'ransomware_strain': 'Ragnar Locker'},
 'response': {'communication_strategy': ['customers directed to local offices '
                                         'for bookings/inquiries'],
              'containment_measures': ['shut down internet access to prevent '
                                       'ransomware spread'],
              'incident_response_plan_activated': True},
 'title': 'CMA CGM Ransomware Attack (September 2021)',
 'type': ['cyber-attack', 'ransomware', 'data breach']}