-
DNV confirms about 1,000 vessels have been affected by a ransomware cyber-attack on its ShipManager software
-
The Norwegian ship classification society says its IT experts have shut down the affected servers as they and technology partners investigate
-
The cyber-attack was among a number of similar incidents reported by various businesses in recent weeks
Norwegian classification society DNV has confirmed that about 1,000 vessels have been affected by a ransomware cyber-attack on its ShipManager software earlier this January.
DNV said in a press release on its website that the ransomware attack happened on the evening of Saturday, January 7. It said its IT experts have shut down ShipManager’s servers in response to the incident.
All users can still use the onboard, offline functionalities of the targeted software, said the international accredited registrar and classification society headquartered in Baerum, Norway.
The incident has been one of several attacks in recent weeks on systems of various establishments, including transportation companies and media facilities such as London’s The Guardian newspaper.
“DNV is communicating daily with all 70 affected customers to update them on findings of the ongoing forensic investigations. In total, around 1,000 vessels are affected,” the society said in the press statement released on January 17, 2023.
“There are no indications that any other software or data by DNV is affected. The server outage does not impact any other DNV services.”
DNV said its IT experts are working closely with global IT security partners to investigate the incident and to ensure operations are online as soon as possible. DNV is in dialogue with the Norwegian police about the incident,” the society said.
It apologized for the disruption and inconvenience of clients who may have been hit as hackers attacked its servers.
There are no indications other software or data by DNV has been affected, and the server outage does not impact any other DNV services, the classification society added.
DNV said it is in dialogue with the Norwegian police about the incident and that it is in contact with affected customers to update them on findings of the ongoing forensic investigations.
RELATED READ: Cyber-attack hobbles major European oil terminals
The Guardian newspaper has come under a suspected ransomware attack, BBC reported on December 21, 2022.
The report said Guardian had suffered disruption to “behind the scenes services” in a “serious incident” that affected its IT systems.
The company said company records had been accessed as hackers hit its system. It had told staff not to go into the office and to work from home immediately after the attack was discovered.
On January 11, the air control traffic system of the US Federal Aviation Administration suffered an outage, causing thousands of flights across, into and out of the United States cancelled. The White House did not rule out a cyber-attack. Previously, there were confirmed cyber-attacks on American airports last year.
IBM’s Security Intelligence report carried by Forbes a week ago said 2023 could be another banner year for ransomware and other cyberattacks.
“Almost as fast as the cybersecurity industry releases new security tools, adversaries evolve their techniques to circumvent them. This year will be no different,” according to the report.
Cyberattacks such as data breaches can be costly crises for companies. In 2022, the average cost of a data breach in the US was US$9.44 million, up from $9.05 million the year before, according to Statista.
The digital menace to transportation systems and agencies is not new phenomenon. In February 2017, hackers struck the Colorado Department of Transportation in a ransomware attack in February and came back eight days later and disrupted the agency’s operations for weeks.
Reports said state officials shut down 2,000 computers and transportation employees were forced to use pen and paper or their personal devices instead of their work computers.
Those whose computers were infected were denied access to their files or data unless these were stored on the internet, and the payroll system and vendor contracts were affected.
