conti attacks TST Logistics

Incident Date:

March 9, 2022

World map

Overview

Title

conti attacks TST Logistics

Victim

TST Logistics

Attacker

Conti

Location

Marseiller, Germany

Duisburg, Germany

First Reported

March 9, 2022

Maersk Logistics Suffers Ransomware Attack by Conti Group

Maersk Logistics, a global transportation and logistics company, has reportedly been targeted by the ransomware group Conti. The attack was announced on the group's dark web leak site, and while the specific details of the attack are not yet available, it is known that Maersk operates in the transportation sector and has a significant presence in the shipping industry.

Company Overview

Maersk is a Danish conglomerate with a workforce of nearly 90,000 employees and operations in 130 countries. The company is known for its extensive shipping and logistics services, including container shipping, supply vessel operations, and terminal management.

Industry Standout

Maersk is a leading player in the global shipping industry, with a significant market share and a reputation for innovation and efficiency. The company has been recognized for its efforts in improving cybersecurity, particularly in the wake of the 2017 NotPetya ransomware attack, which forced the company to reinstall 4,000 servers, 45,000 PCs, and 2,500 applications.

Vulnerabilities

Despite its efforts to improve cybersecurity, Maersk has been targeted by ransomware groups in the past. The 2017 NotPetya attack, which was traced to compromised tax-accounting software widely used in Ukraine, caused significant disruption to the company's operations. The attack was particularly devastating due to the widespread use of the EternalBlue exploit, which targeted unpatched Microsoft Windows systems.

The Conti ransomware group's attack on Maersk Logistics underscores the ongoing threat of cyberattacks in the transportation and logistics sector. While Maersk has demonstrated its ability to recover from such attacks, the cost and disruption caused by these incidents highlight the need for continued vigilance and investment in cybersecurity measures.

Sources

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.