Operations came to a halt after Japan’s largest port was hit with a ransomware attack earlier this week.

According to reports, container operations were suspended at the Port of Nagoya as crews worked to get the systems back online after a ransomware attack was discovered on July 4. The cyberattack caused the port to be unable to load and unload containers. Media in Japan has linked the attack to a pro-Russian group. By Thursday, July 6, the port has partially resumed operations.

“The recent ransomware attack on Japan’s largest port is yet another example of cyber threats targeting critical infrastructure across the globe,” said Duncan Greatwood, CEO of Xage Security. “With ransomware strain LockBit 3.0 responsible for this attack and for 21% of 189 ransomware attacks detected against critical infrastructure in Q4 2022, security should be top of mind for all within the supply chain today.”

Security leaders weigh in

Craig Jones, Vice President of Security Operations at Ontinue:

“This incident at the Port of Nagoya highlights the serious vulnerabilities that critical infrastructure faces in the digital age. Ransomware attacks are a growing concern for both private corporations and public entities, and this case underscores the potential for significant disruption to essential services and supply chains. It's clear that such attacks not only pose security risks but also can have considerable economic impacts.

“Given that the Port of Nagoya is Japan's busiest port, handling approximately 10% of the country's total trade volume, the effects of this disruption are likely to be far-reaching and could possibly ripple through the global economy. The impact may be especially significant considering the current global supply chain issues already exacerbated by the Covid-19 pandemic.

“This incident serves as a stark reminder of the importance of cybersecurity measures for critical infrastructure, particularly those in the logistics and transport sectors. It's essential that organizations continue to prioritize investment in cybersecurity defenses, training and response plans. Additionally, international cooperation to fight against such cybercrimes is of utmost importance. It's a significant issue that needs collective attention and effort.”

John Bambenek, Principal Threat Hunter at Netenrich:

“Part of the reason technology is so cheap is because technology companies outsource the risks of using their products to their customers. It’s on them to use it safely. If those customers don’t also invest in security, events like we are currently seeing with the Port of Nagoya, are the result. Due to international law enforcement on cybercrime being so rare, there are no real consequences for ransomware operators either. The Internet is a free-fire zone were most organizations are simply unarmed.”

Joseph Carson, Chief Security Scientist and Advisory CISO at Delinea:

“Ransomware attacks have a far-reaching effect, particularly when a major part of the global supply chain is targeted. The latest victim is the Port of Nagoya in Japan which handles a large amount of Japan’s trade. Although the recent Verizon DBIR report shows that ransomware incidents held steady in the past year, they are devastating to the victims when they occur. Hopefully, cybersecurity best practices are in place for resiliency and that the Port of Nagoya will recover quickly without having to negotiate with the cybercriminals.  

“This incident is a reminder to all organizations to take the time to test and validate your ransomware resiliency is working and will save you when the time is needed to respond to a security incident. Organizations often become victims of cybercrime and ransomware if secrets are not managed correctly and secured with solutions, such as a privileged access management (PAM) solution. These solutions help protect secrets and enhances the security by storing them within a secure vault and enforcing additional security controls such as multi-factor authentication (MFA), access workflows, session management and recording, automated key rotation and privilege behavior analytics and auditing.  

“Many organizations do not realize how many secrets they have and often try to get by focusing on only those which they have knowledge of such as domain admins and usually try to get by with simple password managers which are not sufficient to manage the ever increasing amount of secrets within a business.”  

Darren Guccione, CEO and Co-Founder at Keeper Security:

“Industry experts and government agencies advise organizations not to pay out in a ransomware attack, however, it's a difficult decision because the organization risks losing sensitive information, access to critical files and the entire network infrastructure they need to operate their business. Unfortunately, for some organizations and their customers, the attackers could be holding onto sensitive personal information and paying the ransom is no guarantee that information won’t be sold anyway. Along with the immediate financial burden, recovering from a loss of that nature can be time consuming and lead to reputational and operational damages. Organizations also need to consider the legal implications of paying the ransom and the cost of preventing further attacks now that bad actors know they’re willing to pay. The most cost-effective method for dealing with a cyberattack is by investing in prevention with a zero-trust and zero-knowledge cybersecurity architecture that will limit, if not altogether prevent, a bad actor’s access.”