Centre for Internet & Society

Shipping ministry says the GoldenEye ransomware attack at JNPT and Pipavav port may result in bunching of inbound and outbound cargo.

The article by Jyotika Sood and Utpal Bhaskar was published in Livemint on June 28, 2017. Pranesh Prakash was quoted.

Operations at one of three terminals at India’s largest container port, Jawaharlal Nehru Port Trust (JNPT) run by AP Moller-Maersk, near Mumbai, were disrupted by a global ransomware attack, the port said on Wednesday. The version that caused the disruption has been dubbed GoldenEye by security firm Bitdefender Labs.

Operations at the Danish firm’s terminal at Gujarat Pipavav Port were also affected, but by the Petya variant of the ransomware.

Ransomware typically locks users out of their own systems and asks them to pay a ransom if they want to access the encrypted data.

“The central server is in Europe which we can’t control. It is not a problem aimed at India... we have become collateral damage,” said a senior Indian government official involved in cybersecurity operations.

The ransomware hit the integrated transport and logistics firm’s global operations on Tuesday across its 75 terminals. It also impacted Chernobyl’s radiation monitoring system, law firm DLA Piper, pharma firm Merck, a number of banks, an airport, the Kiev metro, British advertising giant WPP and Russian oil firm Rosneft, according to Bitdefender Labs.

“The IT (information technology) department of JNPT became aware of the attack at around 4.30pm on Tuesday. The Windows server started conking off and the master file got encrypted and we couldn’t access any data. The operations immediately came to a standstill,” said a JNPT official requesting anonymity.

AP Moller-Maersk operates the Gateway Terminals India (GTI) at JNPT which has a capacity to handle 1.8 million standard container units. JNPT, which ships more than half the containerized cargo passing through India’s ports, serves a vast hinterland comprising all of northern and western India.

“While DP World and JNPT terminals are operational, the Gateway Terminals India operated by APM is completely shut,” said the JNPT official.

This is the second major ransomware attack since May, when hackers exploited a loophole first identified by the US National Security Agency to create WannaCry, which affected several businesses in more than 150 countries, including India.

The ministry of corporate affairs and the Andhra Pradesh Police were affected, besides several large organizations.

“While the terminal operator is taking steps to address the issues disrupting operations, it is anticipated that there could be bunching of in-bound and out-bound container cargo,” India’s shipping ministry said in a statement.

Maersk group, through its terminal and infrastructure business, has invested $800 million in India.

“The global attack has impacted APM terminal of the JNPT port. The operations at the terminal have slowed down and are being entered manually. We are trying to handle the crisis by diverting traffic to other terminals,” JNPT chairman Anil Diggikar said, adding that JNPT’s operations have not been affected to a great extent.

He said it would take around 24 hours to clear the backlog.

Gujarat Pipavav Port told stock exchanges that the ransomware did not have “any major impact on the company at this point in time”.

Concerns have been expressed about the safety of India’s infrastructure projects with power generation and transmission projects figuring high on terrorist threat lists.

Ravi Shankar Prasad, minister of electronics and information technology, on Wednesday said advisories have been issued and the government is keeping a close watch on developments.

The Indian Computer Emergency Response Team (CERT-In), the agency coordinating efforts on cybersecurity issues, in a 27 June advisory warned, “It has been reported that variants of Petya ransomware with worm-like capabilities are spreading.”

Such attacks pose a grave threat to the economy and businesses. Cybersecurity Ventures predicts global annual cybercrime costs will grow from $3 trillion in 2015 to $6 trillion by 2021.

Experts believe India is ill-equipped to face such attacks.

“These cases of malware attacks highlight the need for proper planning of cybersecurity at all levels, especially for the government infrastructure networks,” said Pranesh Prakash, policy director at the Centre for Internet and Society, a Bengaluru-based think tank.

“Transportation and shipping companies are ill-prepared for cyberattacks,” added Amit Jaju, executive director, fraud investigation and dispute services, EY.

The emergency playing out at the ports assumes significance, given India’s Rs8 trillion investment plan until 2035 under the Sagarmala programme, which involves the construction of new ports to harness the country’s 7,517km coastline and setting up of as many as 142 cargo terminals at major ports.

“Indian companies lose approximately Rs40,000 crore due to cybercrime every year. India is among the top 5 countries today in terms of the frequency and the number of cyber attacks,” Jaju said.

“We are not prepared at all. This is a question of cyber literacy because the latest attack has reused the same Windows vulnerability that was exploited by WannaCry ransomware last month and for which security patches were released almost three months ago by Microsoft,” added cybersecurity expert Mohit Kumar.

Anirudh Laskar, Mayank Aggarwal, Shally Seth & Komal Gupta contributed to the story.
