The port was not operational from Tuesday morning to Thursday afternoon. LockBit 3.0, a pro-Russia ransomware group, made a ransom demand in exchange for the system’s recovery. Credit: Shutterstock / Dmitry Rukhlenko Japan's largest port, Nagoya, resumed operations on Thursday after being non-operational for more than two days due to a ransomware attack, according to the machine translation of the notice by the port authorities. LockBit 3.0, a pro-Russian ransomware group, took responsibility for the attack and made a ransom demand in exchange for the system's recovery, according to Japan Times. The ransomware attack on the Nagoya port started on July 4, 6:30 a.m. local time, and caused a failure in the Nagoya Port Unified Terminal System (NUTS), according to an earlier notice by the port authorities. NUTS is the central system controlling all container terminals in the port. The port authorities became aware of the issue when a message indicating that the computer system had been infected with ransomware was somehow sent to a printer, according to Japan Times. The port was unable to load and unload containers from trailers, due to the attack. "Upon investigating the cause, we held a meeting with the Nagoya Port Operation Association Terminal Committee, which operates the system, and the Aichi Prefectural Police Headquarters, it was discovered that the issue was a ransomware infection," Nagoya port said in the notice. Toyota Motor shipments impacted Automaker Toyota Motor is among the companies that use the port for several of its shipments. The automaker on Tuesday said the attack on the port would not affect the shipment of its new cars. However, imported and exported parts could not be loaded, according to Bloomberg. The Nagoya Port is situated at the innermost edge of Ise Bay, located at the center of the Japanese Archipelago on the east coast facing the Pacific Ocean. The port has been operational since 1907. The Port is an integrated international port, handling all types of cargo. According to its website, it is the largest port in Japan in terms of total cargo throughput, which reached 177.79 million tons in 2021. It is the largest automobile exporting port in Japan, shipping approximately 1.17 million completed automobile shipments annually. The port of Nagoya is connected to approximately 170 countries around the world. Increasing attacks on ports Ports and other important transportation and logistics assets are exceptionally vulnerable to disruption by threat actors. Financially motivated criminals and nation-state attackers both recognize how critical these facilities are and the opportunity they represent to cause cascading effects across multiple downstream organizations. "For criminals that means targets are more likely to pay quickly. For nation-states that means the blow of an attack is that much more visible," John Hultquist, chief analyst at Mandiant Intelligence -- Google Cloud, said in an email statement. In recent years, several ports across the world have faced cyberattacks. Last year, LockBit claimed responsibility for a cyberattack on Portugal's Port of Lisbon. The Jawaharlal Nehru Port Trust in India also suffered a ransomware attack in February last year. The attack affected the management information system of the port and shipments had to be diverted to nearby ports. "Maritime professionals expect disruptive incidents in the coming years, including impacts as serious as the closure of major ports and waterways," according to the Maritime Cyber Priority 2023 report. More than six in 10 industry professionals expect cyberattacks to cause ship collisions (60%) and groundings (68%) within the next few years, the report said. More than three-quarters (76%) believe a cybersecurity incident is likely to force the closure of a strategic waterway. Hultquist warned that Chinese actors have recently been found targeting air, land, and sea transportation organizations in the US, adding that there is concern that they are conducting reconnaissance for possible cybersecurity disruptions in the event of a conflict. "These same actors have also shown an interest in Asian targets," Hultquist said. Related content news ChatGPT “not a reliable” tool for detecting vulnerabilities in developed code NCC Group report claims machine learning models show strong promise in detecting novel zero-day attacks. By Michael Hill Oct 04, 2023 3 mins DevSecOps DevSecOps DevSecOps news Google Chrome zero-day jumps onto CISA's known vulnerability list A serious security flaw in Google Chrome, which was discovered under active exploitation in the wild, is a new addition to the Cybersecurity and Infrastructure Agency’s Known Exploited vulnerabilities catalog. By Jon Gold Oct 03, 2023 3 mins Zero-day vulnerability brandpost The advantages and risks of large language models in the cloud Understanding the pros and cons of LLMs in the cloud is a step closer to optimized efficiency—but be mindful of security concerns along the way. By Daniel Prizmant, Senior Principal Researcher at Palo Alto Networks Oct 03, 2023 5 mins Cloud Security news Arm patches bugs in Mali GPUs that affect Android phones and Chromebooks The vulnerability with active exploitations allows local non-privileged users to access freed-up memory for staging new attacks. By Shweta Sharma Oct 03, 2023 3 mins Android Security Vulnerabilities Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe