The source of CMA CGM’s network outage Monday was made clear in a message shared on LinkedIn.
“If you are reading this, it’s mean your data was encrypted and you sensitive private information was stolen! Read carefully the whole instruction notes to avoid difficulties with your data,” read the message, captured in a screenshot from a CMA CGM computer and posted on LinkedIn by SeaIntelligence Consulting CEO Lars Jensen.
While the text was grammatically garbled, the message was clear. “Ragnar Locker” instructed, “You have to contact us via live chat immediately to resolve this case and make a deal.”
The attacker wrote, “There is ONLY ONE possible way to get back your files — contact us via LIVE CHAT and pay for the special DECRYPTION KEY! For your GUARANTEE we will decrypt 2 of your files FOR FREE to show that it works.”
The message ended with a warning. “Don’t waste your TIME, the link for contact us will be deleted if there is no contact made in closest time. … However, if you will contact us within 2 day since get penetrated — you can get a very SPECIAL PRICE.”
The CMA CGM website remained down Tuesday.
CMA CGM confirmed in a tweet at about 2 p.m. CEST (8 a.m. EDT) Monday that it “is currently dealing with a cyberattack impacting peripheral servers.”
“As soon as the security breach was detected, external access to applications was interrupted to prevent the malware from spreading,” the tweet said.
CMA CGM said the outage does not affect CEVA Logistics.
At 9 a.m. CEST Monday, CMA CGM had issued a message that its IT applications were unavailable.
“IT teams are working on resolving the incident to ensure business continuity,” it said then.
CMA CGM is the world’s fourth-largest container shipping line and the latest to be hit with a cyberattack.
No. 2 Mediterranean Shipping Co. (MSC) was knocked offline in April. The network outage, traced to a data center in Geneva, affected some of the company's digital tools, including msc.com and myMSC.
“After a thorough investigation … we determined that it was a malware attack based on an engineered targeted vulnerability,” MSC said after the five-day outage.
No. 3 COSCO was hit in July 2018 in a cyberattack that resulted in network failures in the United States, Canada, Panama, Argentina, Brazil, Peru, Chile and Uruguay.
In June 2017, A.P. Møller – Maersk was debilitated by a cyberattack that the world’s largest container carrier said impacted its bottom line by up to $300 million.
In March of this year, the Digital Container Shipping Association published a guide to help ocean carriers thwart cyberattacks.
Senior editor Greg Miller contributed to this report.