You are here

Ships infected with ransomware, USB malware, worms

Ships infected with ransomware, USB malware, worms
Catalin Cimpanu December 12, 2018

Ships are the victims of cyber-security incidents more often than people think. Industry groups publish cyber-security guidelines to address issues.
Catalin Cimpanu

Ships suffer from the same types of cyber-security issues as other IT systems, a recent document released by the international shipping industry reveals.

The document is the third edition of the "Guidelines on Cyber Security onboard Ships," an industry-approved guide put together by a conglomerate of 21 international shipping associations and industry groups.

While the document contains what you'd expect to contain --rules and guidance for securing IT systems onboard vessels-- it also comes with examples of what happens when proper procedure isn't followed.

These examples are past cyber-security incidents that have happened on ships and ports, and which have not surfaced in the public eye before until now.

For example, the guidelines include the case of a mysterious virus infection of the Electronic Chart Display and Information System (ECDIS) that ships use for sailing.

A new-build dry bulk ship was delayed from sailing for several days because its ECDIS was infected by a virus. The ship was designed for paperless navigation and was not carrying paper charts. The failure of the ECDIS appeared to be a technical disruption and was not recognized as a cyber issue by the ship's master and officers. A producer technician was required to visit the ship and, after spending a significant time in troubleshooting, discovered that both ECDIS networks were infected with a virus. The virus was quarantined and the ECDIS computers were restored. The source and means of infection in this case are unknown. The delay in sailing and costs in repairs totaled in the hundreds of thousands of dollars (US)

But this isn't the only malware-related incident that affected a ship, according to the aforementioned document.

Ships were also impacted by ransomware, sometimes directly, while in other incidents the ransomware hit backend systems and servers used by ships already in their voyage at sea.

For example, in an incident detailed in the report, a shipowner reported not one, but two ransomware infections, both occurring due to partners, and not necessarily because of the ship's crew.