Around 1,000 ships impacted by a ransomware attack on DNV. The company confirms, but explains that all vessels can still use the onboard, offline functionalities of the ShipManager software; other systems are not impacted.
Around 1,000 ships worldwide and 70 customers have been impacted by a ransomware attack on DNV. The Norwegian-based company confirmed it in a statement, in which it explains that its internal cybersecurity experts “shut down the servers immediately in response to the incident. All vessels can still use the onboard, offline functionalities of the ShipManager software, other systems onboard the vessels are not impacted. The cyber-attack does not affect the vessels’ ability to operate. There are no indications that any other data or servers by DNV are affected. The server outage does not impact any other DNV services. The attack has been reported to the Norwegian Police, who has informed relevant police agencies. It was also reported to the Norwegian National Security Authority, the Norwegian Data Protection Authority (DPA) and the German Cyber Security Authority.”
According to the company, “all affected customers have been notified about their responsibility to notify relevant Data Protection Authorities in their countries. As part of the investigation, DNV is working closely with global IT security partners to analyze the incident and ensure secure online operations as soon as possible. DNV is in regular contact with all ShipManager customers about the situation. About 70 customers, operating around 1,000 vessels, are affected. All affected customers have been advised to consider relevant mitigating measures depending on the types of data they have uploaded to the system.” At the moment there is no official information on which family the ransomware belongs to, but it is suspected that pro-Russia hacker groups may be behind the attacks, following the posture taken by Norway in response to the Russian invasion of Ukraine.