In September 2021, CMA CGM, a France-based global shipping and logistics giant, fell victim to a cyber-attack involving Ragnar Locker ransomware. The attackers infiltrated the company’s network, stole and encrypted customer data, and demanded a ransom. To contain the breach, CMA CGM disconnected its global network from the internet, halting all online booking services, operational requests, and partially disrupting port and vessel operations. Customers were forced to rely on local offices for bookings and inquiries, causing significant operational delays.After the company refused to pay the ransom, the hackers leaked all stolen data, exacerbating the impact. The attack not only compromised sensitive customer information but also crippled critical business functions, leading to financial losses, reputational damage, and logistical chaos across its global supply chain. The incident highlighted vulnerabilities in maritime cybersecurity and the severe consequences of ransomware attacks on large-scale industrial operations.

In late September 2020, the French shipping giant CMA CGM fell victim to a Ragnar Locker ransomware attack orchestrated by the Ragnar Locker Gang. The cybercriminals exfiltrated personal data of clients and encrypted critical systems, demanding a ransom in exchange for a decryption key. While the marine and port operations remained functional, the attack disrupted online booking services, operational requests, and loading processes, forcing customers to rely on local offices for assistance. The company isolated its global network by cutting internet access to contain the ransomware’s spread. The primary motive was financial extortion, though the exact ransom amount was not disclosed publicly. The incident caused operational slowdowns, reputational damage, and potential long-term trust erosion among clients, though no evidence suggested a complete halt in core shipping activities. The stolen customer data heightened concerns over privacy breaches and regulatory compliance risks.

In February 2017, a container vessel operated by a leading global shipping company fell victim to a sophisticated cyber attack orchestrated by African pirates. The hackers targeted the ship’s Navigation Systems while it was en route from Cyprus to Djibouti, aiming to seize full control and redirect it to a location where they could physically hijack the vessel. The attack rendered the ship unmaneuverable for 10 hours, forcing the crew to bring in IT experts to restore system functionality after repeated failed attempts. The incident compromised the availability and integrity of the ship’s critical systems, posing severe risks to crew safety, cargo security, and operational continuity. Had the pirates succeeded in fully controlling the vessel, the consequences could have included financial losses from ransom demands, cargo theft, reputational damage, and potential environmental hazards if the ship had been diverted to unsafe waters. The attack highlighted vulnerabilities in maritime cybersecurity, particularly in legacy navigation and communication systems, which remain prime targets for cyber-criminals exploiting gaps in industrial control systems (ICS) and operational technology (OT).