Major Maritime Ransomware Attacks

Estimated read time 5 min read

If you’re seeking an in-depth exploration of ransomware attacks’ history within the maritime industry, you’re in the right spot. Here, we recount the most consequential cyber assaults on major ports across the globe. So, without delay, let’s dive into the tumultuous sea of maritime cyber threats!

Quick view

Attack VictimDateBrief Description
A.P. Moller MaerskJune 2017NotPetya ransomware attack disrupts global operations, results in $300 million loss.
Cosco ShippingJuly 2018Ransomware disrupts U.S operations, impacting vital communication systems.
Port of San DiegoSeptember 2018Ryuk ransomware cripples port’s administrative systems, forces switch to manual operations.
Port of BarcelonaSeptember 2018Unspecified ransomware causes significant disruption to routine port operations.
Port of Marseille Fos2020Ransomware infiltrates IT systems, suspends digital operations, forces return to manual processes.
Shahid Rajaee PortMay 2020Major cyberattack disrupts port infrastructure, results in severe logistical issues.
Port of Houston2020Unsuccessful Iranian cyberattack highlights importance of robust defensive measures.
Port of Lisbon2023LockBit ransomware group causes operational disruption and a significant data breach.
DNV’s ShipManager SoftwareJanuary 2023Ransomware attack forces shutdown of IT servers, affecting vessels and customers.
Port of NagoyaJuly 2023Ransomware halts container operations, underscores potential geopolitical fallout of cyberattacks.
Major Maritime Ransomware Attacks

The A.P. Moller Maersk Event: A Warning for the Maritime Industry (June 2017)

The first incident we look at is a sobering tale of A.P. Moller Maersk, a Danish maritime giant. In June 2017, the company fell victim to the NotPetya ransomware attack, a malicious cyber assault masked as a straightforward ransom demand but with a more insidious aim—massive disruption.

The NotPetya ransomware exploited the EternalBlue loophole, taking advantage of a vulnerability in Windows’ Server Message Block (SMB) protocol. This allowed for swift propagation within networks, spreading the infection rapidly.

Maersk’s multiple systems worldwide were swiftly compromised. Infrastructure breached, servers encrypted, and routine operations screeched to a halt, resulting in a staggering loss estimated at a whopping $300 million.

The Cosco Shipping Episode: A Maritime Nightmare (July 2018)

Our narrative takes us to Cosco Shipping’s encounter with ransomware in July 2018, showcasing the vast tactical range of these cyber threats. Though the exact ransomware variant remains undisclosed, its effects were unmistakably severe.

With terrifying precision, the ransomware targeted Cosco’s U.S operations. Essential communication systems like emails and telephones were disrupted, plunging both internal and external communications into chaos.

The Port of San Diego Incident: A Maritime Industry Alarm (September 2018)

Moving forward to September 2018, the Port of San Diego fell victim to the notorious Ryuk ransomware, known for targeting substantial, critical operations. This attack put a spotlight on the administrative systems of the port, crippling digital processes and causing a shift to manual operations.

The Disruption at the Port of Barcelona: A Spanish Maritime Setback (September 2018)

As the Port of San Diego was grappling with its attack, the picturesque Port of Barcelona fell into the cybercriminals’ crosshairs. This crucial maritime hub was disrupted by a ruthless ransomware attack in September 2018, causing significant interruptions in regular operations.

The Unveiling at the Port of Marseille Fos: France’s Maritime Ordeal (2020)

As we entered the new decade, the maritime industry found no respite from cyber threats. The Port of Marseille Fos, a significant contributor to France’s maritime industry, was soon on the ransomware attackers’ radar.

The Iranian Disarray: Shahid Rajaee Port’s Disturbance (May 2020)

In May 2020, Iran’s Shahid Rajaee Port was thrown into chaos by a major cyberattack that reverberated beyond the maritime industry, highlighting the geopolitical stakes of cyber warfare. The attack caused massive traffic jams and severe infrastructure disruptions.

The alleged perpetrators were Israeli hackers, supposedly retaliating against a previous cyberattack on Israel’s water infrastructure by Iranian hackers.

The Texas Triumph: Port of Houston’s Defense (2020)

In contrast to previous incidents, the story of the Port of Houston showcases the importance of strong defenses. This critical Texas port was targeted by hackers believed to be from Iran in 2020, emphasizing the geopolitical dimension of these threats. However, this time, the attackers were successfully repelled.

The Port of Lisbon Incident: A European Maritime Breach (2023)

The Port of Lisbon, a vital hub in Europe’s maritime network, was targeted by the notorious LockBit ransomware group. This attack caused significant operational disruption and resulted in a major data breach, with the attackers claiming to haveseized sensitive data.

The Maritime Software Attack: The DNV’s ShipManager Incident (January 2023)

In a concerning escalation of maritime cyber threats, the January 2023 attack targeted not a port, but a crucial maritime software system. The victim was DNV, a major maritime organization based in Oslo. The ransomware attack forced them to shut down IT servers linked to their ShipManager system, impacting about 1,000 vessels and 70 customers.

The Port of Nagoya Siege: Japan’s Maritime Challenge (2023)

Most recently, in July 2023, the Port of Nagoya in Japan was brought to a standstill by a severe ransomware attack. The assault targeted the Nagoya Port Unified Terminal System (NUTS), halting container operations and underlining the geopolitical implications of such attacks due to the port’s critical role in Japan’s economy.

Major Maritime Ransomware Attacks history image
Major Maritime Ransomware Attacks history image

Maritime Cybersecurity: A Rising Tide

Ransomware attacks have risen significantly in recent years, doubling from 13% in 2021 to 25% in 2022. This surge signals cybercriminals’ lucrative attraction to these types of attacks, with the potential for significant financial gain.

Following closely are data-related threats, including breaches and leaks. Cyber adversaries have eagerly targeted credentials, employee and customer data, and intellectual property in their pursuit of profit.

Other major threats to the maritime industry include malware, denial-of-service (DoS), distributed denial-of-service (DDoS) and ransom denial-of-service (RDoS) attacks, phishing and spear phishing campaigns, and supply-chain attacks.

Reza Rafati

Reza Rafati, based in the Netherlands, is the founder of An industry professional providing insightful commentary on infosec, cybercrime, cyberwar, and threat intelligence, Reza dedicates his work to bolster digital defenses and promote cyber awareness.

You May Also Like

More From Author