In late September 2020, the French shipping giant **CMA CGM** fell victim to a **Ragnar Locker ransomware attack** orchestrated by the **Ragnar Locker Gang**. The cybercriminals **exfiltrated personal data of clients** and encrypted critical systems, demanding a ransom in exchange for a decryption key. While the **marine and port operations remained functional**, the attack **disrupted online booking services, operational requests, and loading processes**, forcing customers to rely on local offices for assistance. The company **isolated its global network by cutting internet access** to contain the ransomware’s spread. The primary motive was **financial extortion**, though the exact ransom amount was not disclosed publicly. The incident caused **operational slowdowns, reputational damage, and potential long-term trust erosion** among clients, though no evidence suggested a complete halt in core shipping activities. The stolen **customer data** heightened concerns over **privacy breaches and regulatory compliance risks**.
Source: https://lloydslist.maritimeintelligence.informa.com/LL1134044/CMA-CGM-confirms-ransomware-attack
TPRM report: https://www.rankiteo.com/company/cma-cgm
"id": "cma642092025",
"linkid": "cma-cgm",
"type": "Ransomware",
"date": "9/2020",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"{'affected_entities': [{'industry': 'shipping/logistics',
'location': 'France (global operations)',
'name': 'CMA CGM',
'size': 'large',
'type': 'corporation'}],
'customer_advisories': ['customers directed to local offices for bookings and '
'queries'],
'data_breach': {'data_encryption': True,
'data_exfiltration': True,
'personally_identifiable_information': True,
'sensitivity_of_data': 'high (personal client data)',
'type_of_data_compromised': ['personal data']},
'date_detected': '2020-09-25',
'date_publicly_disclosed': '2020-09-27',
'description': 'In September 2020, the French shipping company CMA CGM was '
'targeted by the Ragnar Locker ransomware gang. The attackers '
'stole personal client data and demanded a ransom for a '
'decryption key. The company disabled its internet connection '
'to contain the attack, disrupting online booking services '
'while keeping marine and port operations functional. The '
'attack aimed at financial gain, though the exact ransom '
'amount was not disclosed.',
'impact': {'data_compromised': ['personal data of clients'],
'downtime': 'partial (online services suspended, local offices '
'used for bookings)',
'identity_theft_risk': 'likely (personal data stolen)',
'operational_impact': 'loading processes hampered, but marine and '
'port activities remained operational',
'systems_affected': ['online booking services',
'operational request systems']},
'motivation': 'financial gain',
'ransomware': {'data_encryption': True,
'data_exfiltration': True,
'ransom_demanded': True,
'ransomware_strain': 'Ragnar Locker'},
'references': [{'date_accessed': '2021',
'source': 'Port Technology International Team'}],
'response': {'containment_measures': ['disabled internet connection to '
'prevent ransomware spread'],
'incident_response_plan_activated': True,
'recovery_measures': ['directed customers to local offices for '
'bookings and queries']},
'threat_actor': 'Ragnar Locker Gang',
'title': 'Ransomware Attack on CMA CGM by Ragnar Locker Gang',
'type': 'ransomware'}