DNV, a major maritime software supplier, has been hit by a ransomware attack affecting 70 customers operating nearly 1,000 ships worldwide. The attack took place on the evening of January 7, after which DNV experts turned off the IT infrastructure running its Shipmanager systems.
Shipmanager is a fleet management program allowing customers to monitor a shipping fleet’s operational, technical and compliance features. It’s used by nearly 7,000 ships owned by 300 customers combined. The ransomware attack currently affects almost 15% of the total ships using DNV software.
There’s no information on the attack vector, ransomware family or the threat actor behind this attack at the time of writing. DNV also hasn’t shared anything about a ransom demand as well.
The company has stated that it has bought in external cybersecurity experts, and the incident has been reported to the Norwegian Police, which has informed other relevant police agencies. There’s also no indication that the attack has affected any of its data, systems or services except Shipmanager.
The incident has also been reported to the Norwegian National Security Authority, the Norwegian Data Protection Authority (DPA) and the German Cyber Security Authority.
Thankfully, the incident didn’t affect the operational ability of the impacted ships. Impacted vessels can still use the onboard, offline capabilities of the Shipmanager software. That said, DNV hasn’t stated if any data leaked or was exposed during the attack or if it could cause shipping delays for the impacted vessels.
That said, affected customers have been asked to consider “relevant mitigation measures” based on the various types of data they might’ve uploaded to the system. DNV states that affected customers have also been notified of their responsibility to contact their local data protection authorities.