The infamous Russian-linked ransomware gang LockBit has claimed responsibility for an attack on a Japanese port that has temporarily crippled operations.

The ransomware attack targeted the Nagoya Port Unified Terminal System, the controlling body of the Port of Nagoya, Japan’s largest port, on the morning of July 4 local time. The port is a major hub for Toyota Motor Co.

The attack disrupted container operations within all terminals at the port, completing halting those operations via trailer transportation. The port’s status is unclear, but systems were expected to be back online in the morning of July 6 local time, or Wednesday evening EDT.

The Japan Times reported that there was an interesting twist. The port authority discovered that LockBit was behind the attack after a ransomware message was somehow sent to a printer. Typically, ransomware demands are sent through electronic communications.

The LockBit ransomware gang first emerged in 2020 and operates on a ransomware-as-a-service model, where affiliates use already-developed ransomware to execute attacks. In its time, LockBit has regularly been one of the most prolific ransomware groups and was named as the most active threat actor on the planet in January.

More recently, the LockBit gang was behind an attack on Managed Care of North America Inc. that was reported in May. A suspected gang affiliate was also arrested in Arizona in June and accused of being involved in multiple LockBit ransomware attacks against victims in the U.S., Asia, Europe and Africa.

“Given that the Port of Nagoya is Japan’s busiest port, handling approximately 10% of the country’s total trade volume, the effects of this disruption are likely to be far-reaching and could possibly ripple through the global economy,” Craig Jones, vice president of security operations at managed extended detection and response company Ontinue Inc., told SiliconANGLE. “The impact may be especially significant considering the current global supply chain issues already exacerbated by the COVID-19 pandemic.”

It’s unclear how the Nagoya Port will respond in terms of ransom demands, other than attempting to restore systems. But Darren Guccione, co-founder and chief executive at passwords and secrets management company Keeper Security Inc., said that although industry experts and government agencies advise organizations not to pay out in a ransomware attack, it’s a difficult decision because the organization risks losing sensitive information, access to critical files and the entire network infrastructure it needs to operate its business.

“Unfortunately, for some organizations and their customers, the attackers could be holding onto sensitive personal information, and paying the ransom is no guarantee that information won’t be sold anyway,” Guccione added. “Along with the immediate financial burden, recovering from a loss of that nature can be time-consuming and lead to reputational and operational damages. The most cost-effective method for dealing with a cyberattack is by investing in prevention with a zero-trust and zero-knowledge cybersecurity architecture that will limit, if not altogether prevent, a bad actor’s access.”

Photo: アラツク/Wikimedia Commons