Watch Now

CMA CGM cargo flowing despite ransomware attack

Container carrier criticized for slow communication flow

CMA CGM said its port operations have not been disrupted by a ransomware attack. (Photo: Flickr/Bernard Spragg)

CMA CGM, which had been criticized earlier in the day for not providing updates on the ransomware attack that took down its network, tweeted after the close of regular business hours in Europe on Tuesday that all its maritime and port operations were functioning normally.

It also said in a series of tweets at about 7:15 p.m. CEST (1:15 p.m. EDT) that all communications, including emails, transmitted files and electronic data interfaces, to and from the French shipping giant were secure. 

“This malware was able to be rapidly isolated and all necessary protection measures implemented,” CMA CGM tweeted.

The opening page at read, “We have decided to temporarily suspend all access to our e-commerce websites to protect our customers.”

The message also said CMA CGM was providing “alternative and temporary processes” for bookings and was committed to processing them as quickly as possible.

“We seek … your understanding and patience,” CMA CGM said. 

Shipping analyst Lars Jensen believes CMA CGM should be forthcoming with updates on the cyberattack. 

“The worst you can do in such a situation is to say nothing, as that leaves ample room for concern and speculation,” Jensen, the CEO of SeaIntelligence Consulting, said in a series of posts on LinkedIn Tuesday.

In a tweet Monday afternoon, CMA CGM promised an update on the ransomware attack by the end of the day. That did not come, and shippers and the media were scrambling for information Tuesday. 

In its first communication, at 9 a.m. CEST Monday, CMA CGM said only that its IT applications were unavailable and its technology teams were working to resolve the issue. Five hours later, CMA CGM confirmed in a tweet that it was in fact “dealing with a cyberattack impacting peripheral servers.”

Lori Ann LaRocco provided details of CMA CGM cargo flow at the Port of Los Angeles.

Jensen shared a screenshot on LinkedIn Monday showing a demand for payment from “Ragnar Locker” in exchange for a decryption key. 

CMA CGM was instructed to communicate with Ragnar Locker via live chat

“Managing a successful cyberattack is a challenging task requiring a dedicated effort on many fronts at the same time,” Jensen wrote on LinkedIn Tuesday. “However, proactive communication is widely regarded as an important part of the necessary damage control but appears not to be fully forthcoming at this time.”

When questioned on LinkedIn how he believed CMA CGM should have responded publicly, Jensen said he did not expect the company to say much but maintained it should say something.

“When you said, as they clearly did, that you will provide an update by the end of the day and then you say nothing, that is problematic,” Jensen wrote. “My take on this is that they do not yet have a full overview of the impact and nor do they have a time frame for when they will be back in full operation. It is the simplest thing in the world to simply state that.”

He said A.P. Møller – Maersk did a good job of sharing what information it had when it was attacked in June 2017. 

“Right now social media is rife with conflicting info from shippers, [with] some saying EDI and/or some APIs work [and] others claiming phones don’t work whilst others say they do,” Jensen continued. “Providing an overview of what they know would create clarity and put a dampener on confusion.”

CNBC’s Lori Ann LaRocco, a columnist for FreightWaves, agreed social media was full of speculation, although she used a stronger word than “rife.”

“It’s irresponsible” to be throwing around guesses regarding the ransomware attack, according to LaRocco, who said she is using her own LinkedIn page to provide a voice of reason as well as actual data.

LaRocco said she has been in close contact with Gene Seroka, executive director of the Port of Los Angeles, who told her the largest gateway in the Western Hemisphere has not been impacted by the CMA CGM outage — thus far.

“The longer that it goes, it’s not a good thing,” LaRocco said, pointing out that containers on CMA CGM ships account for 5% of all gate moves at the Port of LA.

She said the Port of LA is monitoring every truck move down to the scan. And cybersecurity is nothing new at the port. Seroka told LaRocco that the number of attempted cyberattacks has grown from more than 20 million a month before the coronavirus pandemic to some 44 million a month now.

Seroka said during his American Shipper Global Trade Tech keynote in mid-September that the Port of LA was “developing the next level of port protection.”

“In the works is the first maritime sector cyber-resilient center designed to protect data flowing through our port community,” Seroka said. 

And for now at least, CMA CGM-carried cargo continues flowing through the port.

CMA CGM victim of cyberattack

Largest LNG-powered container ship making maiden voyage

East Coast ports welcome largest vessel

Click for more American Shipper/FreightWaves stories by Senior Editor Kim Link-Wills.

Kim Link Wills

Senior Editor Kim Link-Wills has written about everything from agriculture as a reporter for Illinois Agri-News to zoology as editor of the Georgia Tech Alumni Magazine. Her work has garnered awards from the Council for the Advancement and Support of Education, the Georgia Institute of Technology and the Magazine Association of the Southeast. Prior to serving as managing editor of American Shipper, Kim spent more than four years with XPO Logistics.