Russian Ransomware Group Shuts Down Major Japanese Port – Source: www.govinfosecurity.com

Critical Infrastructure Security
,
Fraud Management & Cybercrime
,
Ransomware

Reported LockBit 3.0 Attack Locks Up Systems, Delays Shipping of Toyota Auto Parts

Cal Harrison •
July 5, 2023    

Ransomware believed to originate from the Russian LockBit 3.0 group has locked up the logistics computer system for the Port of Nagoya, Japan’s largest cargo hub. The attack held up shipments of Toyota auto parts containers starting Tuesday, but port authorities expect to resume operations Thursday morning.

See Also: Live Webinar | Reclaim Control over Your Secrets – The Secret Sauce to Secrets Security

Local media, quoting the Nagoya Harbor Transportation Association, reported Wednesday that LockBit 3.0 had demanded a ransom to restore the port authority’s systems and then notified police. They said they were unable to access the system, but a ransom note printed out on an office printer.

The association manages trucking and gate operations with the Nagoya Port Unified Terminal System, known locally as NUTS. After hackers shut down NUTS, the association informed customers and reported the incident to the Aichi Prefectural Police, which is investigating. The association originally planned to restore NUTS at 6 p.m. Wednesday, but said it will resume gate operations Thursday morning.

Nagoya Harbor, a major shipping and transportation hub between Tokyo and Kyoto, is known as the birthplace of Toyota Motor Corp. A Toyota spokesperson said the automaker could not load or unload parts containers at the port, but the attack didn’t disrupt production.

“We will closely monitor any impact on production while carefully examining the parts inventory,” the spokesperson said.

LockBit 3.0 Strikes Again

If confirmed as the attacker, LockBit 3.0 emerged as the leading successor of the Russian Conti ransomware group, which was disbanded in early 2022. The group is known as a prolific ransomware group, accounting for 78 hacks in May 2023 – 18% of all ransomware attacks that month, according to NCC Group. In June, U.S. cybersecurity officials reported that LockBit 3.0 had been responsible for nearly 1,700 attacks, collecting $91 million in ransoms in the United States alone.

LockBit 3.0, which operates through affiliates using a ransomware-as-a-service model, has attacked a wide range of organizations across multiple sectors including healthcare, government agencies, manufacturing and transportation. The Port of Nagoya is actually the group’s second hack of a major port.

On Christmas Day 2022, the group compromised the network of the Port of Lisbon and stole financial reports, budgets and personal data of customers, as well as mail correspondence of the staff. Rather than deploy encryption malware, the group sought to extort the port authority for a $1.5 million ransom to avoid publishing the stolen data on its leak site.