Lockbit 3.0 Claims Credit for Ransomware Attack on Japanese Port

After a ransomware attack shuttered operations at container terminals at the Port of Nagoya in Japan, the Lockbit 3.0 ransomware gang claimed responsibility and demanded the port pay up.

The port, which is responsible for 10% of the country’s cargo trade and is used by companies like Toyota Motor Corporation, was attacked on July 4, 2023, forcing the suspension of all container trailer operations, according to a notice from the Nagoya Harbor port authority.

The port authority said at the time it was working tirelessly to get the Nagoya Port Unified Terminal System (NUTS) back up and restart operations quickly. While authorities did not name a perpetrator in the attack, Lockbit 3.0 eventually claimed credit.

“This incident at the Port of Nagoya highlights the serious vulnerabilities that critical infrastructure faces in the digital age,” said Craig Jones, vice president of security operations at Ontinue.

“Ransomware attacks are a growing concern for both private corporations and public entities, and this case underscores the potential for significant disruption to essential services and supply chains,” said Jones. “It’s clear that such attacks not only pose security risks but also can have considerable economic impacts.”

He added that since “the Port of Nagoya is Japan’s busiest port, handling approximately one-tenth of the country’s total trade volume, the effects of this disruption are likely to be far-reaching and could possibly ripple through the global economy.”

It could also have resounding and profound effects on a supply chain already marked by unprecedented disruption. “The impact may be especially significant considering the current global supply chain issues already exacerbated by the COVID-19 pandemic,” Jones said.

The security community is well-acquainted with Lockbit 3.0, the pro-Russian cybercriminal gang that said it was behind the attack on the port. “Lockbit 3.0, also known as Lockbit Black, represents a new era of ransomware sophistication. The Cybersecurity and Infrastructure Security Agency (CISA) previously warned about its modular and evasive nature, drawing similarities with other notorious ransomware variants such as Blackmatter and Blackcat,” said Itay Glick, a former member of the elite intelligence unit 8200 of the Israel Defense Forces and the current VP of products at OPSWAT. “This evolving threat gains initial access to victim networks through various means, including remote desktop protocol (RDP) exploitation, phishing campaigns, abuse of valid accounts and exploitation of public-facing applications.”

Glick explained that “once inside the network, Lockbit 3.0 poses a significant risk to critical operations and has the capability to propagate and disrupt systems, leading to operational technology (OT) failures or intentional shutdowns by security teams to prevent further damage.”

The incident raises the age-old question—to pay or not to pay? And still, the answer is not simple. “Industry experts and government agencies advise organizations not to pay out in a ransomware attack. However, it’s a difficult decision because the organization risks losing sensitive information, access to critical files and the entire network infrastructure they need to operate their business,” said Darren Guccione, CEO and cofounder at Keeper Security.

“Unfortunately, for some organizations and their customers, the attackers could be holding onto sensitive personal information, and paying the ransom is no guarantee that information won’t be sold anyway,” said Guccione. “Along with the immediate financial burden, recovering from a loss of that nature can be time-consuming and lead to reputational and operational damages. Organizations also need to consider the legal implications of paying the ransom and the cost of preventing further attacks now that bad actors know they’re willing to pay.”

How quickly the port fully recovers—and whether it decides to pay the ransom—depends on whether cybersecurity best practices are in place for resiliency [so] that the Port of Nagoya will recover quickly without having to negotiate with the cybercriminals, Guccione added.

Of course, rather than choosing whether or not to pay up, it is much more prudent to invest in prevention. “Ransomware attacks like the recent one on the port of Nagoya have become inevitable. The expanding digital landscape provides more entry points for hackers, while the potential financial gains make these attacks lucrative,” said Carol Vok, EVP at BullWall. “As a result, companies must prepare their cybersecurity defenses, including ransomware containment.”

Teri Robinson
