Operations at one of three terminals at India's largest container port Jawaharlal Nehru Port (JNPT) in Mumbai were disrupted by the global ransomware attack. The attack was confirmed by the port authorities on 28 June 2017.
The impacted terminal is operated by Danish shipping giant AP Moller-Maersk. The Maersk group confirmed individually on 27 June that its operations were hit by a cyber attack named Petya that affected its multiple sites and select business units.
The group’s statement read, “We are responding to the situation to contain and limit the impact and uphold operations."
Anil Diggikar, JNPT chairman also stated that the port has been trying to clear containers manually but its operating capacity has dropped to a third at the terminal.
“This is a fallout of global cyber attack. Containers are piling up outside the port due to delay in loading and unloading at Gateway Terminals India,” Diggikar said and added that they are hopeful that the operations would normalise in a day.
AP Moller-Maersk operates the Gateway Terminals India (GTI) at JNPT, which has a capacity to handle 1.8 million standard container units.
Besides this, the cyber attack also affected computers at Russia's biggest oil company Rosneft, global advertising giant WPP Group, multiple institutions in Ukraine including its central bank and an international airport.
The current attacks come weeks after the Wannacry ransomware attack that affected over 300000 systems worldwide in May 2017.
What is Ransomware?
• It is a type of malicious software that blocks access to the victim's data or threatens to publish or delete it until a ransom is paid.
• While some simple ransomware may lock the system in a way which is not difficult for a technologically advanced person to reverse, more advanced forms of the malware use a technique called cryptoviral extortion to encrypt the victim's files, making them totally inaccessible.
• The malware demands ransom payments in a digital currency that is difficult to trace such as Bitcoin cryptocurrency or Ukash.
• The attacks are typically carried out using a Trojan that is disguised as a legitimate file that the user is tricked into downloading or opening when it arrives as an email attachment.
• However, there was also a case of ‘WannaCryworm’ that travelled automatically between computers without user interaction.