Apurva Venkat
Special Correspondent

Japan’s Nagoya port resumes operations after ransomware attack

Jul 06, 2023 · 4 mins

The port was not operational from Tuesday morning to Thursday afternoon. LockBit 3.0, a pro-Russia ransomware group, made a ransom demand in exchange for the system’s recovery.


Japan's largest port, Nagoya, resumed operations on Thursday after being non-operational for more than two days due to a ransomware attack, according to the machine translation of the notice by the port authorities.

LockBit 3.0, a pro-Russian ransomware group, took responsibility for the attack and made a ransom demand in exchange for the system's recovery, according to Japan Times.

The ransomware attack on the Nagoya port started on July 4, 6:30 a.m. local time, and caused a failure in the Nagoya Port Unified Terminal System (NUTS), according to an earlier notice by the port authorities.

NUTS is the central system controlling all container terminals in the port.

The port authorities became aware of the issue when a message indicating that the computer system had been infected with ransomware was somehow sent to a printer, according to Japan Times.  

Due to the attack, the port was unable to load and unload containers from trailers.

"Upon investigating the cause, we held a meeting with the Nagoya Port Operation Association Terminal Committee, which operates the system, and the Aichi Prefectural Police Headquarters, it was discovered that the issue was a ransomware infection," Nagoya port said in the notice. 

Toyota Motor shipments impacted

Automaker Toyota Motor is among the companies that use the port for several of its shipments. The automaker on Tuesday said the attack on the port would not affect the shipment of its new cars. However, imported and exported parts could not be loaded, according to Bloomberg.  

The Nagoya Port is situated at the innermost edge of Ise Bay, located at the center of the Japanese Archipelago on the east coast facing the Pacific Ocean. The port has been operational since 1907. 

The port is an integrated international port, handling all types of cargo. According to its website, it is the largest port in Japan in terms of total cargo throughput, which reached 177.79 million tons in 2021. It is also the largest automobile exporting port in Japan, handling approximately 1.17 million completed automobile shipments annually. The port of Nagoya is connected to approximately 170 countries around the world.

Increasing attacks on ports

Ports and other important transportation and logistics assets are exceptionally vulnerable to disruption by threat actors. Financially motivated criminals and nation-state attackers both recognize how critical these facilities are and the opportunity they represent to cause cascading effects across multiple downstream organizations.

"For criminals that means targets are more likely to pay quickly. For nation-states that means the blow of an attack is that much more visible," John Hultquist, chief analyst at Mandiant Intelligence -- Google Cloud, said in an email statement.

In recent years, several ports across the world have faced cyberattacks. Last year, LockBit claimed responsibility for a cyberattack on Portugal's Port of Lisbon.

The Jawaharlal Nehru Port Trust in India also suffered a ransomware attack in February last year. The attack affected the management information system of the port and shipments had to be diverted to nearby ports. 

"Maritime professionals expect disruptive incidents in the coming years, including impacts as serious as the closure of major ports and waterways," according to the Maritime Cyber Priority 2023 report.

More than six in 10 industry professionals expect cyberattacks to cause ship collisions (60%) and groundings (68%) within the next few years, the report said. More than three-quarters (76%) believe a cybersecurity incident is likely to force the closure of a strategic waterway.

Hultquist warned that Chinese actors have recently been found targeting air, land, and sea transportation organizations in the US, adding that there is concern that they are conducting reconnaissance for possible cybersecurity disruptions in the event of a conflict. "These same actors have also shown an interest in Asian targets," Hultquist said.

Apurva Venkat is principal correspondent for the India editions of CIO, CSO, and Computerworld. She has previously worked at ISMG, IDG India, Bangalore Mirror, and Business Standard, where she reported on developments in technology, businesses, startups, fintech, e-commerce, cybersecurity, civic news, and education.