Maritime Ransomware
BY VANESSA C . DIDOMENICO , SHARON R . KLEIN , AND KAREN H . SHIN
C . DIDOMENICO ASSOCIATE
Cybersecurity concerns are certainly on the radar for shipowners and operators . Cybersecurity breaches can penetrate systems aboard and ashore and can jeopardize safety and adversely impact maritime operations , as well as disrupt the downstream distribution of the goods on board . In that light , it is imperative that shipowners and operators install tough mitigation , detection , and response plans .
As ships undergo digitalization and autonomous system upgrades , cyberattacks and ransomware attempts become more prevalent . Ransomware is defined as a type of malicious software designed to block access to a computer system until the attacked party pays a sum of money . Cybercriminals monetize their operations by extorting their victims and can further sell extracted data . Cyberattackers typically seek the highest payout possible and target companies and industries , including the maritime sector , that rely on time-sensitive data to function . Such attacks can have devastating contemporaneous consequences on multiple players .
Notably , on May 6 , 2021 , the Colonial Pipeline incident made headlines when that company paid $ 4.4 million in ransom after the major supplier of oil was unable to access or control its IT systems that affected 45 percent of fuel supplied to the East Coast . Further , in 2021 , Transnet , the South African port operator , declared force majeure after reservations , and disabling internal communication systems . Most recently , on January 7 , 2023 , DNV ’ s ShipManager servers fell victim to a ransomware cyberattack . About 70 customers , operating around 1,000 vessels , were affected . 3
There are numerous other examples of ransomware attacks ; however , not all instances are publicly disclosed . In some cases , ransomware attacks go unreported , and companies opt to pay money to the attackers without seeking government assistance . The U . S . Treasury Department
23 • MAINBRACE