clop attacks SWIRESPO

Incident Date:

April 23, 2022

World map

Overview

Title

clop attacks SWIRESPO

Victim

SWIRESPO

Attacker

Clop

Location

Concourse, Singapore

Singapore, Singapore

First Reported

April 23, 2022

Ransomware Attack on Swire Pacific Offshore

Swire Pacific Offshore, a Singapore-based maritime services provider, has been targeted by the ransomware group Clop. The attack resulted in the loss of confidential proprietary commercial information and personal data, including passports, payroll information, ID numbers, bank account details, email addresses, and internal correspondence messages. The number of exposed individuals could reach 2,500, corresponding to the firm's seafaring and onshore personnel in 18 countries.

Swire Pacific Offshore operates a fleet of over 50 offshore support vessels and has reported the incident to the relevant authorities, working with external experts to investigate and determine future actions. The company's website and likely other parts of its operations are currently offline.

The Clop Ransomware Group's Claim

The Clop ransomware group has claimed responsibility for the attack and posted screenshots of data during the attack, indicating that the ransomware gang stole sensitive information. The attack is part of a surge in ransomware incidents in 2023, with the average monthly number of reported ransomware victims reaching an all-time high of 31.

Increased Cyber Threats in the Maritime Sector

Swire Pacific Offshore is a significant player in the maritime services industry, operating in a sector that has seen a 900% increase in cyber attacks over the past three years. The company's vulnerabilities may have been exploited due to the industry's turbulent period, with rising costs, delivery delays, shortages, and inflation, making it an attractive target for ransomware actors.

The attack on Swire Pacific Offshore underscores the need for robust cybersecurity measures in the maritime services sector, particularly in the face of increasing ransomware threats.

Sources

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.