On 24 July 2018, COSCO Shipping’s Pier J terminal at the Port of Long Beach was struck by a ransomware attack, disrupting operations across multiple countries, including the United States, Canada, Panama, Argentina, Brazil, Peru, Chile, and Uruguay. The attack isolated network and computer systems in the Americas, forcing the company to shut down connections—including phones and emails—with other global locations to prevent further spread. While the core operating systems and ships remained unaffected, the incident caused significant operational disruptions, compelling employees to rely on Yahoo email and social media for client communications. The company initiated investigations to resolve network issues, but the threat actors and attack vector remained undisclosed. The attack’s geographical spread and systemic shutdowns highlighted vulnerabilities in critical logistics infrastructure, though no permanent damage to assets or data breaches were reported.
Source: https://www.bankinfosecurity.com/shipping-giant-cosco-hit-by-ransomware-attack-a-11256
TPRM report: https://www.rankiteo.com/company/cosco-shipping-ports-limited
"id": "cos345092125",
"linkid": "cosco-shipping-ports-limited",
"type": "Ransomware",
"date": "7/2018",
"severity": "100",
"impact": "6",
"explanation": "Attack threatening the economy of geographical region"{'affected_entities': [{'industry': 'shipping/logistics',
'location': ['United States (Port of Long Beach)',
'Canada',
'Panama',
'Argentina',
'Brazil',
'Peru',
'Chile',
'Uruguay'],
'name': 'COSCO Shipping',
'type': 'company'}],
'date_detected': '2018-07-24',
'description': 'On the 24th of July 2018, COSCO Shipping’s Pier J terminal at '
'the Port of Long Beach was hit by a ransomware attack, '
'affecting operations in multiple countries across North and '
'South America, including the United States, Canada, Panama, '
'Argentina, Brazil, Peru, Chile, and Uruguay. The attack was '
'limited to parts of the network and computer systems in the '
"Americas, with the company's main operating systems remaining "
'unharmed. To mitigate further disruptions, COSCO temporarily '
'shut down network connections, including phones and emails, '
'and employees resorted to using Yahoo email accounts and '
'social media for client communication. The threat actors and '
'their motivations remain unidentified.',
'impact': {'operational_impact': 'temporary shutdown of network connections '
'(phones, emails); use of alternative '
'communication methods (Yahoo email, social '
'media)',
'systems_affected': ['network systems',
'computer systems (Americas only)']},
'investigation_status': 'ongoing (as of reporting)',
'ransomware': {'data_encryption': True},
'response': {'communication_strategy': 'alternative communication via Yahoo '
'email and social media',
'containment_measures': ['shut down network connections '
'(including phones, emails)',
'isolated affected regions (Americas)'],
'incident_response_plan_activated': True,
'recovery_measures': ['use of alternative communication channels '
'(Yahoo email, social media)'],
'remediation_measures': ['investigation of network issues']},
'title': 'COSCO Shipping Ransomware Attack at Port of Long Beach (2018)',
'type': 'ransomware'}