Japan’s top cargo port, the Port of Nagoya, has fallen victim to a ransomware attack carried out by the notorious LockBit gang from Russia. The incident has resulted in a significant disruption to cargo movements, causing a halt in operations at the port. The port, which is known for its high volume of shipping containers and cargo, including being a key hub for automotive giant Toyota, has experienced a major supply chain interruption due to the attack.
The operators of the Port of Nagoya have provided several updates regarding the situation. In the first announcement, released on July 5, they confirmed that the halt in cargo movements was due to a ransomware attack. Local media reports have also attributed the attack to the LockBit gang. The most recent update suggests that the port’s systems have been restored, and operations are expected to resume in the afternoon. However, it remains unclear whether a ransom was paid to the attackers.
LockBit is a ransomware-as-a-service operator known for its collaboration with affiliates who carry out the actual attacks. The US Cybersecurity and Infrastructure Security Agency (CISA) has identified LockBit as the most prolific ransomware operator in 2022 and highlighted its ability to change tactics to avoid detection. CISA also suspects LockBit of staging publicity stunts, such as offering incentives like paying people to get LockBit tattoos in an attempt to recruit affiliates.
The impact of LockBit attacks has been substantial. Recently, seven international information security agencies issued a joint advisory estimating that LockBit has cost US victims over $90 million through approximately 1,700 attacks since 2020. Some notable victims include suppliers to Taiwanese chip maker TSMC and aerospace manufacturer SpaceX.
Despite its activities, LockBit is not impervious to law enforcement efforts. In June 2023, the FBI arrested a Russian man believed to be a member of the gang and is actively pursuing at least two other cases against alleged operatives.
The Port of Nagoya’s recent encounter with LockBit serves as a reminder of the growing threat of ransomware attacks on critical infrastructure. Such incidents have the potential to disrupt supply chains and cause significant economic and operational challenges. As cybercriminals continue to evolve their tactics, organizations must remain vigilant in implementing robust cybersecurity measures to safeguard against future attacks.
