Major Japanese port suspends operation following ransomware attack

A cybercrime group believed to be operating out of Russia hit the largest and busiest trading port in Japan with a ransomware attack.

The Port of Nagoya, which accounts for roughly 10% of Japan's total trade volume and is responsible for handling some car exports for companies like Toyota, suspended its cargo operations Tuesday, including the loading and unloading of containers onto trailers following the incident.

Nagoya’s port authority told several Japanese media outlets that it plans to resume operations Thursday morning. Local residents observed temporary congestion of trailers at the port on Wednesday.

Nagoya Harbor Transportation Association attributed the attack to the LockBit ransomware group, which is considered the most prolific ransomware gang in operation. LockBit accounted for one in every six ransomware attacks in 2022, according to the U.S. Cybersecurity and Infrastructure Security Agency and FBI. The group hasn’t publicly claimed responsibility for the Nagoya attack.

The incident affected the computer system used to operate the port’s five cargo terminals. Some terminals are operating manually without the system, but if it is not restored the entry of ships into the port may be restricted, the Japanese television network FNN reported, citing the port’s authorities.

Toyota told Japanese media that it cannot load or unload auto parts due to the cyberattack, but its car production hasn’t been disrupted.

The incident was detected early on Tuesday when a port employee couldn’t start a computer, according to the port authority. Hackers allegedly remotely sent an English-language ransom note to a printer, asking for money in exchange for the system's recovery.

The port authorities didn't responded to requests for comment by the time of publication.

This isn’t the first cyberattack on Nagoya’s port — last September, the port’s website was temporarily knocked offline following a distributed denial-of-service (DDoS) attack by the Russian group Killnet.

And the attack on the Port of Nagoya is also just the latest one affecting the shipping industry. In January, about 1,000 vessels were affected by a ransomware attack against a major software supplier for ships. In 2022, the Port of Lisbon was targeted by LockBit while Europe saw a string of ransomware attacks on ports throughout the year.

In November, the U.S. Department of Homeland Security Secretary Alejandro Mayorkas told Congress that the most significant threat to U.S. ports is cyberattacks.

Get more insights with the
Recorded Future
Intelligence Cloud.
Learn more.
No previous article
No new articles
Daryna Antoniuk

Daryna Antoniuk

is a reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.