The port was not operational from Tuesday morning to Thursday afternoon. LockBit 3.0, a pro-Russia ransomware group, made a ransom demand in exchange for the system’s recovery. Credit: Shutterstock / Dmitry Rukhlenko Japan's largest port, Nagoya, resumed operations on Thursday after being non-operational for more than two days due to a ransomware attack, according to the machine translation of the notice by the port authorities. LockBit 3.0, a pro-Russian ransomware group, took responsibility for the attack and made a ransom demand in exchange for the system's recovery, according to Japan Times. The ransomware attack on the Nagoya port started on July 4, 6:30 a.m. local time, and caused a failure in the Nagoya Port Unified Terminal System (NUTS), according to an earlier notice by the port authorities. NUTS is the central system controlling all container terminals in the port. The port authorities became aware of the issue when a message indicating that the computer system had been infected with ransomware was somehow sent to a printer, according to Japan Times. The port was unable to load and unload containers from trailers, due to the attack. "Upon investigating the cause, we held a meeting with the Nagoya Port Operation Association Terminal Committee, which operates the system, and the Aichi Prefectural Police Headquarters, it was discovered that the issue was a ransomware infection," Nagoya port said in the notice. Toyota Motor shipments impacted Automaker Toyota Motor is among the companies that use the port for several of its shipments. The automaker on Tuesday said the attack on the port would not affect the shipment of its new cars. However, imported and exported parts could not be loaded, according to Bloomberg. The Nagoya Port is situated at the innermost edge of Ise Bay, located at the center of the Japanese Archipelago on the east coast facing the Pacific Ocean. The port has been operational since 1907. The Port is an integrated international port, handling all types of cargo. According to its website, it is the largest port in Japan in terms of total cargo throughput, which reached 177.79 million tons in 2021. It is the largest automobile exporting port in Japan, shipping approximately 1.17 million completed automobile shipments annually. The port of Nagoya is connected to approximately 170 countries around the world. Increasing attacks on ports Ports and other important transportation and logistics assets are exceptionally vulnerable to disruption by threat actors. Financially motivated criminals and nation-state attackers both recognize how critical these facilities are and the opportunity they represent to cause cascading effects across multiple downstream organizations. "For criminals that means targets are more likely to pay quickly. For nation-states that means the blow of an attack is that much more visible," John Hultquist, chief analyst at Mandiant Intelligence -- Google Cloud, said in an email statement. In recent years, several ports across the world have faced cyberattacks. Last year, LockBit claimed responsibility for a cyberattack on Portugal's Port of Lisbon. The Jawaharlal Nehru Port Trust in India also suffered a ransomware attack in February last year. The attack affected the management information system of the port and shipments had to be diverted to nearby ports. "Maritime professionals expect disruptive incidents in the coming years, including impacts as serious as the closure of major ports and waterways," according to the Maritime Cyber Priority 2023 report. More than six in 10 industry professionals expect cyberattacks to cause ship collisions (60%) and groundings (68%) within the next few years, the report said. More than three-quarters (76%) believe a cybersecurity incident is likely to force the closure of a strategic waterway. Hultquist warned that Chinese actors have recently been found targeting air, land, and sea transportation organizations in the US, adding that there is concern that they are conducting reconnaissance for possible cybersecurity disruptions in the event of a conflict. "These same actors have also shown an interest in Asian targets," Hultquist said. Related content feature Top cybersecurity M&A deals for 2023 Fears of recession, rising interest rates, mass tech layoffs, and conservative spending trends are likely to make dealmakers cautious, but an ever-increasing need to defend against bigger and faster attacks will likely keep M&A activity steady in By CSO Staff Sep 22, 2023 24 mins Mergers and Acquisitions Mergers and Acquisitions Mergers and Acquisitions brandpost Unmasking ransomware threat clusters: Why it matters to defenders Similar patterns of behavior among ransomware treat groups can help security teams better understand and prepare for attacks By Joan Goodchild Sep 21, 2023 3 mins Cybercrime news analysis China’s offensive cyber operations support “soft power” agenda in Africa Researchers track Chinese cyber espionage intrusions targeting African industrial sectors. By Michael Hill Sep 21, 2023 5 mins Advanced Persistent Threats Cyberattacks Critical Infrastructure brandpost Proactive OT security requires visibility + prevention You cannot protect your operation by simply watching and waiting. It is essential to have a defense-in-depth approach. By Austen Byers Sep 21, 2023 4 mins Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe