Skip to content

Illustration by iStock

Japan's Busiest Port Restarts Operations After Ransomware Attack

Japan’s Port of Nagoya is gradually resuming operations after a ransomware attack disrupted operations earlier this week. With five container terminals that feature 21 piers and 290 berths, the port handles the largest amount of cargo for the nation, roughly 177.79 million tons.

The attack—which the Russian ransomware group LockBit 3.0 allegedly claimed responsibility for via a ransom demand printed on one of the port office’s printers—resulted in a halt of operations at the port on the morning of 4 July. A Nagoya Harbor Transportation Authority (NHTA) employee discovered the attack when they could not access the computer system that operates the port’s cargo terminals.

In a 5 July notice (in Japanese) sent to port customers, the NHTA said it was working to resume operations as soon as possible.

Cargo operations were suspended, congesting trailers waiting to deposit or receive containers at the port that handles 10 percent of Japan’s imports and exports. Nagoya is an export hub for automobiles, and lists Toyota as a major user of the port, according to shipping publication The Loadstar. Beyond auto parts, Nagoya also handles food items.

Toyota Motor said that the attack would not impact shipments of new cars, according to CSO Online.

Operations at the port gradually began to resume on Thursday, according to Bloomberg. The first cargo terminal resumed functions at around 3 p.m. local time, with a second scheduled to resume at 5:30 p.m., and three more cargo terminals operating by 6:30 p.m.

“Critical infrastructure remains a key concern as the risk of business disruptions impacts millions of people and businesses dependent on goods shipped in and out of the Nagoya port daily,” said Roy Akerman, co-founder and CEO of cloud security solution firm Rezonate, in a statement shared with Security Management.

Although the system—the Nagoya United Terminal System—was restored earlier, cargo terminal operations required more time to recover due to the need to restore large amounts of deleted data, according to the NHTA.

The port is one of several across the world that have recently been targeted by malware.

“Last Christmas, hackers broke into the computer systems at Portugal’s Port of Lisbon, holding up operations for days,” Bloomberg reported. There were also ransomware attacks in 2022 on India’s Jawaharlal Nehru Port Trust and in 2021, when South Africa’s port and rail company was targeted.

“The expanding digital landscape provides more entry points for hackers, while the potential financial gains make these attacks lucrative. …By acknowledging the inevitability of ransomware attacks and taking proactive measures, businesses can enhance their resilience and safeguard critical systems, before the attack comes for them,” said Carol Volk, chief marketing officer of BullWall, in a statement.

This is not the first attack aimed at the port. Nagoya Port was targeted in September 2021 with a Distributed Denial of Service (DDoS) attack, which downed the Nagoya United Terminal System for nearly an hour.