Maritime transport and logistics giant CMA CGM hit with ransomware

September 29, 2020  By Pierluigi Paganini


The French maritime transport and logistics giant CMA CGM S.A. revealed it was the victim of a malware attack that affecting some servers on its network.

CMA CGM S.A., a French maritime transport and logistics giant, revealed that a malware attack affected some servers on its network.

The company is present in over 160 countries through 755 offices and 750 warehouses with 110,000 employees and 489 vessels. CMA CGM serves 420 of the world’s 521 commercial ports and operates on more than 200 shipping lines. 

The company currently ranks fourth behind Maersk LineMSC, and COSCO Shipping Lines, all companies that have been curiously hit by malware attacks in the past.

In response to the attack, the IT staff at the CMA CGM isolated some applications for the Internet to avoid the malware from spreading to other systems.

“The CMA CGM Group (excluding CEVA Logistics) is currently dealing with a cyber-attack impacting peripheral servers.” reads the security notice published by the company. “As soon as the security breach was detected, external access to applications was interrupted to prevent the malware from spreading.”

According to a report published by Lloyd’s List, the company’s Chinese offices were allegedly infected with the Ragnar Locker ransomware.

CMA CGM ransom note
Source Lloyds List

The Ragnar Locker appeared in the threat landscape at the end of the 2019 when it was employed in attacks against corporate networks. 

One of the victims of the ransomware is the energy giant Energias de Portugal (EDP), where the attackers claimed to have stolen 10 TB of files.

“The French carrier was asked by hackers using the Ragnar Locker ransomware to contact them within two days ‘via live chat and pay for the special decryption key’. No ransom price has been named yet” reads the report.

At the time of writing, the external access to CMA CGM IT applications is currently unavailable. Customers have to contact their local agencies for all bookings.

The company is investigating the incident with the help of independent experts.

“An investigation is underway, conducted by our internal experts and by independent experts,” continues the notice. “A new communication will be issued at the end of the day.”

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, ransomware)

[adrotate banner=”5″]

[adrotate banner=”13″]



Pierluigi Paganini
Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.





You might also like





  • Digging the Deep Web: Exploring the dark side of the web

    Digging The Deep Web

  • Center for Cyber Security and International Relations Studies

  • Subscribe Security Affairs Newsletter

    newsletter

  • SecurityAffairs awarded as Best European Cybersecurity Tech Blog at European Cybersecurity Blogger Awards

    EU Sec Bloggers Awards 22


More Story

Ransomware attack on Tyler Technologies might be worse than initially thought

 Customers of Tyler Technologies are reporting finding suspicious logins and previously unseen remote access tools on their...