Ransomware Attack Stops Container Operations at Japan’s Nagoya Port

ransomware Nagoya — Nagoya is Japan's largest port and home to Toyota Motor Co. (Nagoya file photo)

Container operations are suspended at the Port of Nagoya, the largest port in Japan for the past two decades, as they work to recover from a ransomware attack on their systems. Japanese media is linking the attack to a pro-Russian group while noting it is the second but far more consequential attack on the port’s systems in less than a year.

Media reports in Japan are saying that the attack was discovered around 6:30 a.m. Tuesday, July 4, when workers attempted to boot the computer systems at the port. They were unable to start the system and received a message that it was suffering a ransomware attack. Kyodo News is citing port officials attributing the attack to a Russia-based group Lockbit 3.0.

Nagoya accounts for approximately 10 percent of Japan’s total trade. The port complex includes 21 piers and 290 berths, handling over two million containers and 165 million tons of cargo each year. Critically, it is the homeport for Toyota Motor Corp. which handles all its imports and exports at Nagoya. Company officials said they have not been able to move parts shipments but that production at its factories is not affected at this time. They are however closely monitoring the progress to restore the port systems.

Port officials issued an announcement initially saying that they would restore the systems by 18:00 but later delayed it by two hours to 20:00 tonight, Wednesday, July 5. They continue to target a resumption of work for 08:30 Thursday morning.

News pictures showed trucks lined up on the streets outside the port gates. Port officials said the gates would remain closed until the systems were operating, but they were permitting the loading and unloading of containerships by the prime contractor.

Japanese media is pointing out that the Port of Nagoya’s systems were hit by a brief interruption last September. Reports said the port’s website was down for approximately 40 minutes during the last attack which was more limited in scope.

Ports around the world are all citing dramatic increases in attempted attacks and intrusion into their systems, which becomes especially critical as ports move toward digitalization. In December 2022, the port of Lisbon, Portugal suffered an attack with the hackers threatening to make public large portions of the port’s data. In India, the Jawaharlal Nehru Port also suffered a ransomware attack last year, while the South African port operator Transnet was hit in 2021.