clop attacks SWIRESPO

Incident Date:

April 3, 2022

World map

Overview

Title

clop attacks SWIRESPO

Victim

SWIRESPO

Attacker

Clop

Location

Houston, USA

Texas, USA

First Reported

April 3, 2022

Swire Pacific Offshore Suffers Ransomware Attack, Exposing Personal Data of Over 2,500 Employees

Swire Pacific Offshore (SPO), a Singapore-based maritime services provider, has suffered a ransomware attack that resulted in the compromise of sensitive employee data. The attack, claimed by the Clop ransomware group, has affected the company's operations and led to the loss of confidential proprietary commercial information, as well as personal data of its seafaring and onshore personnel in 18 countries.

SPO operates a fleet of over 50 offshore support vessels and has reported the incident to the relevant authorities, while also working with external experts to investigate the attack. The company's website and likely other parts of its operations are currently offline.

The Clop ransomware group has posted screenshots of data during the attack, indicating that the ransomware gang stole passports, payroll information, ID numbers, bank account details, email addresses, and internal correspondence messages. The number of exposed individuals could reach 2,500, corresponding to the firm's seafaring and onshore personnel.

Ransomware attacks on the shipping industry have become increasingly common, with companies like A.P. Møller-Maersk, COSCO, Pitney Bowes, and the U.S. Coast Guard all reporting cyberattacks in the past. The industry is currently facing a turbulent period, with rising costs, delivery delays, shortages, and inflation, making it an attractive target for ransomware actors.

SPO will contact all potentially affected individuals to inform them about the incident, but no exact numbers have been published yet. The company's size and global operations make it a significant target for cybercriminals, highlighting the need for robust cybersecurity measures to protect sensitive data and prevent such attacks in the future.

Sources

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.