Critical Infrastructure Security , Fraud Management & Cybercrime , Ransomware

Japanese Port Reopens After Russian Ransomware Group Attack

Reported LockBit 3.0 Attack Locked Up System for 2 Days, Halted Toyota Shipments
Japanese Port Reopens After Russian Ransomware Group Attack
Trucks wait in line at the cargo terminal in the Port of Nagoya on Wednesday. (Image: KYODO)

Ransomware believed to originate from the Russian LockBit 3.0 group locked up computer systems for the Port of Nagoya, Japan's largest cargo hub. The attack held up shipments of Toyota auto parts containers for two days, but the port reopened Thursday morning.

See Also: On Demand | Defining a Detection & Response Strategy

Local media, quoting the Nagoya Harbor Transportation Association, reported Wednesday that LockBit 3.0 had demanded a ransom to restore the port authority's systems and then had notified police. They said they were unable to access the system, but a ransom note printed out on an office printer.

The association manages trucking and gate operations with the Nagoya Port Unified Terminal System, known locally as NUTS. After hackers shut down NUTS, the association informed customers and reported the incident to the Aichi Prefectural Police, which is investigating. The association originally planned to restore NUTS at 6 p.m. Wednesday, but it announced the resumption of normal operations Thursday morning.

"Currently, large-scale traffic congestion is occurring around the container terminal and inside the port," according to a Nagoya Port Authority update. "Please be careful when traveling through the port, such as checking traffic information in advance."

Nagoya Harbor, a major shipping and transportation hub between Tokyo and Kyoto, is known as the birthplace of Toyota Motor Corp. A Toyota spokesperson said Wednesday the automaker could not load or unload parts containers at the port, but the attack didn't disrupt production.

"We will closely monitor any impact on production while carefully examining the parts inventory," the spokesperson said.

LockBit 3.0 Strikes Again

If confirmed as the attacker, LockBit 3.0 will add to its list of high-profile victims, which includes Royal Mail. LockBit 3.0 emerged as the leading successor of the Russian Conti ransomware group, which was disbanded in early 2022. The group is known as a prolific ransomware group, accounting for 78 hacks in May 2023 - 18% of all ransomware attacks that month, according to NCC Group. In June, U.S. cybersecurity officials reported that LockBit 3.0 had been responsible for nearly 1,700 attacks, collecting $91 million in ransoms in the United States alone.

LockBit 3.0, which operates through affiliates using a ransomware-as-a-service model, has attacked a wide range of organizations across multiple sectors including healthcare, government agencies, manufacturing and transportation. The Port of Nagoya is the group's second hack of a major port.

On Christmas Day 2022, LockBit 3.0 compromised the network of the Port of Lisbon and stole financial reports, budgets and personal data of customers, as well as mail correspondence of the staff. Rather than deploy encryption malware, the group sought to extort the port authority for a $1.5 million ransom to avoid publishing the stolen data on its leak site.


About the Author

Cal Harrison

Cal Harrison

Editorial Director, ISMG

Harrison helps ISMG readers gain new perspectives on the latest cybersecurity trends, research and emerging insights. A 30-year veteran writer and editor, he has served as an award-winning print and online journalist, mass communication professor and senior digital content strategist for DXC Technology, where he led thought leadership, case studies and the Threat Intelligence Report for the Fortune 500 firm's global security, cloud and IT infrastructure practices.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing cuinfosecurity.com, you agree to our use of cookies.