Critical Infrastructure Security , Fraud Management & Cybercrime , Ransomware
Japanese Port Reopens After Russian Ransomware Group Attack
Reported LockBit 3.0 Attack Locked Up System for 2 Days, Halted Toyota ShipmentsRansomware believed to originate from the Russian LockBit 3.0 group locked up computer systems for the Port of Nagoya, Japan's largest cargo hub. The attack held up shipments of Toyota auto parts containers for two days, but the port reopened Thursday morning.
See Also: A Strategic Roadmap for Zero Trust Security Implementation
Local media, quoting the Nagoya Harbor Transportation Association, reported Wednesday that LockBit 3.0 had demanded a ransom to restore the port authority's systems and then had notified police. They said they were unable to access the system, but a ransom note printed out on an office printer.
The association manages trucking and gate operations with the Nagoya Port Unified Terminal System, known locally as NUTS. After hackers shut down NUTS, the association informed customers and reported the incident to the Aichi Prefectural Police, which is investigating. The association originally planned to restore NUTS at 6 p.m. Wednesday, but it announced the resumption of normal operations Thursday morning.
"Currently, large-scale traffic congestion is occurring around the container terminal and inside the port," according to a Nagoya Port Authority update. "Please be careful when traveling through the port, such as checking traffic information in advance."
Nagoya Harbor, a major shipping and transportation hub between Tokyo and Kyoto, is known as the birthplace of Toyota Motor Corp. A Toyota spokesperson said Wednesday the automaker could not load or unload parts containers at the port, but the attack didn't disrupt production.
"We will closely monitor any impact on production while carefully examining the parts inventory," the spokesperson said.
LockBit 3.0 Strikes Again
If confirmed as the attacker, LockBit 3.0 will add to its list of high-profile victims, which includes Royal Mail. LockBit 3.0 emerged as the leading successor of the Russian Conti ransomware group, which was disbanded in early 2022. The group is known as a prolific ransomware group, accounting for 78 hacks in May 2023 - 18% of all ransomware attacks that month, according to NCC Group. In June, U.S. cybersecurity officials reported that LockBit 3.0 had been responsible for nearly 1,700 attacks, collecting $91 million in ransoms in the United States alone.
LockBit 3.0, which operates through affiliates using a ransomware-as-a-service model, has attacked a wide range of organizations across multiple sectors including healthcare, government agencies, manufacturing and transportation. The Port of Nagoya is the group's second hack of a major port.
On Christmas Day 2022, LockBit 3.0 compromised the network of the Port of Lisbon and stole financial reports, budgets and personal data of customers, as well as mail correspondence of the staff. Rather than deploy encryption malware, the group sought to extort the port authority for a $1.5 million ransom to avoid publishing the stolen data on its leak site.