Nagoya port (Japan) victim of Lockbit 3.0

[German]Japan's largest overseas port in the city of Nagoya has fallen victim to a ransomware attack (probably from Lockbit 3.0). The NUTS IT system, which is used at all of the port's container terminals, has not worked since July 4, 2023 (Independence Day in the US). However, operators say they are optimistic they will have the IT back up and running for the port's operations by next Thursday (6/7). Addendum: They are back in operation.

I came across this Nikkei Asia article earlier today during my morning press review – plus a reader in the comments pointed me to the English-language article from Japanese site The Manchi (thanks for that).

Lockbit 3.0 responsible for attack on port

The cybergang operating out of Russia, Lockbit 3.0, may have managed to carry out a successful attack on the IT systems of the seaport of the Japanese city of Nagoya. The system failure was noticed at around 6:30 a.m. on Tuesday, July 4, 2023, when an employee was unable to boot a computer. The port authority made the announcement in a statement (Japanese document posted by Bleeping Computer). Affected by the outage is the terminal system (NUTS, standing for Nagoya United Terminal System) used in all container terminals at Nagoya Port.

Later, a source familiar with the case told Japanese news agencies, that a message somehow has been sent to a printer, saying that the computer system was infected with ransomware, was discovered. The LockBit 3.0 group had demanded a ransom to restore the system, the Japanese media linked above said, although the Nagoya Harbor Transportation Association notice did not specify the ransomware group. Local police have started an investigation regarding the incident, it said.

All affected parties are currently working to restore the system with the goal of restoring the system by 6:00 p.m. on July 5 (Wednesday) and resuming work at 8:30 a.m. on July 6 (Thursday).

This is the language of Japan, which I got to know during my work stays in the 90s – there, deadlines are planned to the minute – silly if they cannot be met then. Due to the system failure, the loading and unloading of containers with trailers at the terminal was suspended after the security incident became known, and the loading and unloading of container ships entering the port is carried out by the main contract port operator.

Note: It's July 5, 2023, 5:13 p.m. German time – Japan is a few hours ahead of us, they have just after midnight. The Japanese Nagoya Harbor Transportation Association announcement page does not state that the problem has been fixed.

They are back in operation

Addendum: The port of Nagoya is really back and ready to work again. I had to check this morning (Thursday, July 6, 2023, at 6:00 a.m. German time) whether the port of Nagoya is working again – and yes, it was announced, they are back.

I was left breathless, nippon.com reports in this 3 hour old article that the container terminal system at Nagoy port is back up and running after the Lockbit 3.0 cyber attack. The article comes on the heels of an announcement today (Thursday) from the Nagoya Harbor Transportation Association.

The system was restored to operation at around 7 a.m. local time on Thursday (7/6/2023), two days after the outage began at around 6:30 a.m. local time on Tuesday (7/4/2023). Container handling at the Port of Nagoya is expected to resume later Thursday following the disruption caused by the attack.

Lockbit 3.0 and harbor of Nagoya

Lockbit is the name of a Russian-language group that operates Ransomware-as-a-Service. In 2019, Lockbit first appeared with a malware called ABCD. Since 2020, the group has offered malware distribution as a service on a commission basis.

In July 2022, Lockbit succeeded in a ransomware infection with Lockbit 3.0 at the German automotive supplier Continental AG. Furthermore, Fiege – a logistics company also operating in China – fell victim to this ransomware. The group also tries to persuade victims to pay a ransom (Ransome) by publishing data captured during the attack (before the systems were encrypted).

The overseas port of the Japanese city of Nagoya is the largest port in Japan. The area of the port is 42.133 square kilometers. The port has 290 quays, 21 piers and five container terminals (Tobishima Pier South Container Terminal, Tobishima Pier North Container Terminal, NCB Container Terminal, Nabeta Pier Container Terminal and Tobishima Pier South Side Container Terminal).

The port accounts for about 10% of Japan's total trade volume. Toyota Motor Corporation, one of the largest automobile manufacturers in the world, uses this port to export most of its vehicles. So any disruption to its operations will have serious consequences.