News / DNV admits up to 1,000 vessels affected by ransomware attack

12/01/2023

In the wake of Saturday’s cyber-attack, DNV has told The Loadstar 70 companies and some 1,000 vessels could have been affected by what proved to be a ransomware incident.

The classification society, that ironically bought a digital security firm, Auvaro, in October, was however unable to clarify how many of the 1,000 or so ships using its ShipManager software have been affected.

DNV was also reticent to clarify how the ransomware programme had gained access to its systems, claiming it would jeopardise police investigations. This means it is not yet clear whether the programme hit DNV ShipManager through land-side infiltration or via a ship.

The Norway-based firm was also unwilling to say which ships or ship types were affected, or how, or if it meant the ships and their cargo would be delayed.

“I’ve been involved in exercises for vessels wherein the question was asked, ‘if a vessel is compromised, can they also compromise the shore and other vessels’ and the answer was ‘yes’,” explained Ken Munro of ‘white-hat hacker’ firm PenTestPartners.

“The question is a significant one, as it will have implications for assigning liability,” he added. “It may be that someone put some ransomware on a ship and it propagated through ShipManager and has taken down the shore systems as well.

“The bad bit, if it is shore-based, is really on DNV itself – the firm should have done a better job of making sure the systems were secure.”

A DNV spokesperson told The Loadstar: “We can confirm it was a ransomware attack. To supplement the 70 clients impacted I can confirm this includes around 1,000 vessels.”

Ransomware programmes are designed to make every kind of IT equipment unusable and the attackers demand payment in bitcoin to reinstate the system. Ransomware is designed to be omnivorous and “opportunistic”, noted Mr Munro, meaning that “…it is very unlikely that DNV was deliberately targeted.