Watch Now

CMA CGM victim of cyberattack

‘Ragnar Locker’ demands ransom in exchange for decryption key

CMA CGM confirmed Monday it is the victim of a cyberattack that has taken down its systems. (Photo: Jim Allen/FreightWaves)

The source of CMA CGM’s network outage Monday was made clear in a message shared on LinkedIn.

“If you are reading this, it’s mean your data was encrypted and you sensitive private information was stolen! Read carefully the whole instruction notes to avoid difficulties with your data,” read the message, captured in a screenshot from a CMA CGM computer and posted on LinkedIn by SeaIntelligence Consulting CEO Lars Jensen.  

While the text was grammatically garbled, the message was clear. “Ragnar Locker” instructed, “You have to contact us via live chat immediately to resolve this case and make a deal.”

The attacker wrote, “There is ONLY ONE possible way to get back your files — contact us via LIVE CHAT and pay for the special DECRYPTION KEY! For your GUARANTEE we will decrypt 2 of your files FOR FREE to show that it works.”

The message ended with a warning. “Don’t waste your TIME, the link for contact us will be deleted if there is no contact made in closest time. … However, if you will contact us within 2 day since get penetrated — you can get a very SPECIAL PRICE.”

The CMA CGM website remained down Tuesday.

CMA CGM confirmed in a tweet at about 2 p.m. CEST (8 a.m. EDT) Monday that it “is currently dealing with a cyberattack impacting peripheral servers.”

“As soon as the security breach was detected, external access to applications was interrupted to prevent the malware from spreading,” the tweet said.  

CMA CGM said the outage does not affect CEVA Logistics.

At 9 a.m. CEST Monday, CMA CGM had issued a message that its IT applications were unavailable.

“IT teams are working on resolving the incident to ensure business continuity,” it said then. 

CMA CGM is the world’s fourth-largest container shipping line and the latest to be hit with a cyberattack. 

No. 2 Mediterranean Shipping Co. (MSC) was knocked offline in April. The network outage, traced to a data center in Geneva, affected some of the digital tools, including and myMSC.

“After a thorough investigation … we determined that it was a malware attack based on an engineered targeted vulnerability,” MSC said after the five-day outage. 

No. 3 COSCO was hit in July 2018 in a cyberattack that resulted in network failures in the United States, Canada, Panama, Argentina, Brazil, Peru, Chile and Uruguay.

In June 2017, A.P. Møller – Maersk was debilitated by a cyberattack that the world’s largest container carrier said impacted its bottom line by up to $300 million.

In March of this year, the Digital Container Shipping Association published a guide to help ocean carriers thwart cyberattacks.

Senior editor Greg Miller contributed to this report.

Largest LNG-powered container ship making maiden voyage

East Coast ports welcome largest vessel

CMA CGM donates 200,000 face masks

Click for more American Shipper/FreightWaves stories by Senior Editor Kim Link-Wills.

Kim Link Wills

Senior Editor Kim Link-Wills has written about everything from agriculture as a reporter for Illinois Agri-News to zoology as editor of the Georgia Tech Alumni Magazine. Her work has garnered awards from the Council for the Advancement and Support of Education, the Georgia Institute of Technology and the Magazine Association of the Southeast. Prior to serving as managing editor of American Shipper, Kim spent more than four years with XPO Logistics.