DNV, the provider of the fleet management software ShipManager, was hit by a ransomware attack and had to shut down large parts of its IT systems. This affects 70 DNV customers and their 1.000 ships.
DNV's ShipManager servers fell victim to a ransomware cyberattack on the evening of January 7th. DNV experts immediately shut down the servers in response to the incident. DNV is in regular contact with all ShipManager users regarding the situation. Around 70 customers who operate around 1.000 ships are affected. All affected customers have been advised to consider appropriate remedial actions based on the type of data they have uploaded to the system.
70 customers with 1.000 ships affected
The good news for all customers: All ships can continue to use the offline functions of the ShipManager software on board. Other systems on board the ships should not be affected. Thus, the cyber attack has so far had no impact on the ships' operational capability. However, companies use the software for managing ships and crews. The description of the software mentions: a planned maintenance system, shipping procurement, ship safety management systems, crew management system, hull integrity management, dry dock and ship repair, and shipping data analysis.
DNV announces: “There is no evidence that any other data or servers are affected by DNV. The server outage will not affect other DNV services. The ship manager's IT infrastructure is isolated from DNV's other servers. The forensic investigation will be conducted by DNV's global IT security partners. This has confirmed that no lateral movement to other parts of DNV's IT infrastructure was carried out as part of the attack. Information such as DNV user accounts, emails and all other services are unaffected by the incident."
DNV Group is itself a provider of security services
A bit embarrassing: The group has its own cyber security department and offers testing & verification, governance, risk and compliance, safety & security risk management, insight & training, incident response & investigation, strategy & programs and even an ICS penetration testing service. Perhaps the group should have used this service on themselves.
The attack was reported to the Norwegian police, who informed the relevant police authorities. It has also been reported to the Norwegian National Security Authority, the Norwegian Data Protection Authority (DPA) and the German Cybersecurity Authority. All affected customers have been informed of their responsibility to notify the relevant data protection authorities in their countries.
Editor/sel
More at DNV.com