Ransomware grounds French shipping company CMA CGM S.A.

[German]Besides the ransomware attack on UHS (Cyber attack with ransomware on US hospital operator UHS) the French shipping company CMA CGM S.A. was a victim by ransomware.


CMA CGM S.A. is a French shipping and logistics company based in Marseille.C MA CGM is the largest shipping company in France. It operates almost 400 own and chartered container vessels and is currently the third largest container ship shipping company in the world.

Reports about websites offline

Shippingwatch eported hours ago that IT problems were causing CMA CGM websites to become unavailable. Several websites of the French CMA CGM are currently not available. CMA CGM has informed its customers that the problems are related to internal issues, according to a message that ShippingWatch claims to have read. This may have been the following tweet.

External access to CMA CGM IT applications are currently unavailable. IT teams are working on resolving the incident to ensure business continuity. For all bookings, please contact your local agency. We will keep you posted regularly on the current situation.

Soon there were indications that this was a successful ransomware attack.

Ransomware attack forced a network shutdown

From Lloyd's there is this tweet, which sheds light into the matter. They report specifically about a ransomware attack on the French shipping company.

Ransomware at  CMA CGM S.A.


According to the Tweet, the French shipping and transportation company was asked by the Ragnar Locker gang to "contact them via live chat within two days and pay for the special decryption key". No ransom amount has been mentioned yet.

After it was originally claimed (see tweet above) that the company's booking system had been disabled due to "an internal IT infrastructure problem", CMA CGM has now confirmed the ransomware attack. Several of its Chinese branches were affected, so the shipping company's IT department worldwide shut down its network to prevent the spread of malware. According to Lloyd's sources, employees in Europe were told not to use the company's IT equipment.

 Ragnar Locker-Meldung
(Ragnar Locker message, Source: Lloyd's)

Cookies helps to fund this blog: Cookie settings

This entry was posted in Security and tagged , . Bookmark the permalink.

Leave a Reply

Your email address will not be published.