Cyberattack: Ransomware hits Jawaharlal Nehru port operations in Mumbai
Operations at one of the three terminals of Jawaharlal Nehru Port Trust (JNPT), India’s largest container port, came to a standstill on Tuesday night following the global ransomware attack that crippled Russia’s biggest oil company, Ukrainian banks and multinational companies in Europe.
Officials said the attack has affected all software operations of Gateway Terminal India (GTI). Danish shipping giant AP Moller-Maersk, one of the affected entities globally, operates the GTI, which has a capacity to handle 1.8 million standard container units.
“There are three terminals for loading and unloading the containers in JNPT. While JNPT themselves manage one of them, the other two including GTI, are being handled by the private sectors,” said a senior official from the JNPT.
“As far as GTI is concerned, 2,000 to 5,000 containers are received and delivered from there on a regular basis. The entire system of loading and unloading the containers is conducted through software,” he said.
As the software system is down, operations are being conducted manually.
“In reality, nothing could be done manually in that system. You have two options, either work with software or stop it. Thus because of this attack, virtually no work is being conducted at GTI since last night. This attack will have a worldwide impact as thousands of companies from across the globe send and receive containers from this terminal,” the official said.
The Hague-based APM Terminals also operates the Pipavav terminal in Gujarat. APM Terminals is a subsidiary of shipping giant Maersk, which has confirmed it has been hit by the cyber attack.
Foreign media reports from the Netherlands capital The Hague, quoting the public broadcaster RTV Rijnmond, said a new ransomware virus called Petya has hit 17 APM terminals, including two in Rotterdam and 15 in other parts of the world.
When contacted, an APM spokesperson refused to comment on the India impact of the attack.
“We can confirm that Maersk’s IT systems are down across multiple geographies and business units due to a cyber-attack. We continue to assess the situation. The safety of our employees, our operation and our customers’ businesses is our top priority. We will update when we have more information,” the spokesperson said in a written statement issued globally.
Russia and Ukraine were most affected by the thousands of attacks, according to security software maker Kaspersky Lab, with other victims spread across countries including Britain, France, Germany, Italy, Poland and the United States. The virus was similar to the ransomware that last month infected more than 300,000 computers. The total number of attacks was unknown.
The rapidly spreading cyber extortion campaign underscored growing concerns that businesses have failed to secure their networks from increasingly aggressive hackers, who have shown they are capable of shutting down critical infrastructure and crippling corporate and government networks.
It included code known as “Eternal Blue,” which cyber security experts widely believe was stolen from the US National Security Agency (NSA) and was also used in last month’s ransomware attack, named “WannaCry.”
The ransomware virus crippled computers running Microsoft Corp’s Windows by encrypting hard drives and overwriting files, then demanded $300 in Bitcoin payments to restore access. More than 30 victims paid into the bitcoin account associated with the attack, according to a public ledger of transactions listed on blockchain.info.
Microsoft said the virus could spread through a flaw that was patched in a security update in March.
“We are continuing to investigate and will take appropriate action to protect customers,” a spokesman for the company said, adding that Microsoft antivirus software detects and removes it.
Security experts said they expected the impact to be smaller than WannaCry since many computers had been patched with Windows updates in the wake of WannaCry last month to protect them against attacks using Eternal Blue code.
Still, the attack could be more dangerous than traditional strains of ransomware because it makes computers unresponsive and unable to reboot, Juniper Networks said in a blog post analysing the attack.
Researchers said the attack may have borrowed malware code used in earlier ransomware campaigns known as “Petya” and “GoldenEye.”
Following last month’s attack, governments, security firms and industrial groups aggressively advised businesses and consumers to make sure all their computers were updated with Microsoft patches to defend against the threat.
The US Department of Homeland Security said it was monitoring the attacks and coordinating with other countries. It advised victims not to pay the extortion, saying that doing so does not guarantee access will be restored.
In a statement, the White House National Security Council said there was currently no risk to public safety. The United States was investigating the attack and determined to hold those responsible accountable, it said.
The NSA did not respond to a request for comment. The spy agency has not publicly said whether it built Eternal Blue and other hacking tools leaked online by an entity known as Shadow Brokers.
Several private security experts have said they believe Shadow Brokers is tied to the Russian government, and that the North Korean government was behind WannaCry. Both countries’ governments deny charges they are involved in hacking.
(With PTI and Reuters inputs)