Skip to content

Search the site

DNV ransomware attack: 1,000 vessels affected

It could have been a lot worse...

A ransomware attack on DNV, a major provider of marine fleet management software, has affected 70 customers and approximately 1,000 vessels, according to the Norwegian company on January 18.

The incident has not affected any of the vessels’ ability to operate – and given that the company provides services for over 6,000 vessels and mobile offshore units (MOUs), appears to have been well contained.

As well as providing maritime software, DNV also provides its own 24/7 cybersecurity incident response (IR) service as part of a portfolio, that also spans oil and gas and broader business assurance (none of which are reported to be affected.)

Compared to many ransomware incidents, DNV appears to have responded fast and minimised impact well; the company is likely to be well-versed in how to respond to the incident on the strength of its own IR playbook and security team.

DNV ransomware attack

DNV’s ShipManager servers were hit by ransomware on the evening of Saturday January 7.

Other services from the company were not impacted: “All affected customers have been advised to consider relevant mitigating measures depending on the types of data they have uploaded to the system” DNV said.

“All vessels can still use the onboard, offline functionalities of the ShipManager software, other systems onboard the vessels are not impacted [the incident does not] affect the vessels’ ability to operate” DNV said.

"The attack has been reported to the Norwegian Police... It was also reported to the Norwegian National Security Authority, the Norwegian Data Protection Authority (DPA) and the German Cyber Security Authority. All affected customers have been notified about their responsibility to notify relevant Data Protection Authorities in their countries. As part of the investigation, DNV is working closely with global IT security partners to analyze the incident and ensure secure online operations as soon as possible" the company said today.

Follow The Stack on LinkedIn

A report this week by backup specialist Veeam found that cyberattacks caused the most impactful outages for organisations in 2020, 2021 and 2022, with 85% of organisations attacked at least once in the past 12 months.

Credit Veeam, 2023.

On average, organisations reported that only 55% of their encrypted/destroyed data was recoverable.

Many organisations hit by ransomware find that their backups have also been infected/compromised and several victims say that without well-drilled playbooks, restoration can get messy very fast; e.g. IT staff not knowing how to restore from backups when their domain controller is infected, finding it physically complicated to access cold backups, etc.

Ransomware attack impact

A crippling ransomware attack on freight company Expeditors cost it $40 million in charges on lost shipping opportunities and a further $20 million in investigation, recovery, and remediation expenses The Stack revealed in 2022.

Expeditors CIO Christopher J. McClincy said that “systems impact related to the cyber-attack limited our ability to arrange shipments or manage customs and distribution activities, or to perform certain accounting functions, for approximately three weeks after the attack" with the company's CEO adding: "All of our products suffered as a result of the cyber-attack, particularly during the first three weeks after the attack, as we quickly adjusted to a new and unfamiliar operating environment in which our core systems were taken offline to protect our network."

We got hit by ransomware. This is how it played out