The Port of Nagoya, Japan’s largest and busiest port, has fallen victim to a ransomware attack, resulting in disruptions to its container terminals’ operations. This significant port plays a pivotal role, accounting for approximately 10% of Japan’s total trade volume. Its extensive infrastructure encompasses 21 piers and 290 berths, facilitating the handling of over two million containers and an impressive cargo tonnage of 165 million annually. Notably, the Port of Nagoya is instrumental to the operations of the Toyota Motor Corporation, one of the globe’s premier automakers, serving as the primary export hub for the majority of its vehicles.
Container processing halted
Today, the Port of Nagoya’s administrative authority has issued a notification regarding a malfunction in the “Nagoya Port Unified Terminal System” (NUTS), the central system overseeing all container terminals within the port’s jurisdiction. According to the notification, this issue stems from a ransomware attack that occurred on July 4, 2023, at approximately 06:30 AM local time.
Following a thorough investigation into the root cause, the port authorities convened with the Nagoya Operation Association Terminal Committee, responsible for NUTS operation, and the Aichi Prefectural Police Headquarters. Their findings confirmed that the incident was indeed a result of a ransomware infection.
To address this critical situation, the port authority is diligently working to restore the NUTS system by 6 PM today, with the aim of resuming regular operations by 08:30 AM tomorrow. However, as a consequence of this cyber event, all container loading and unloading operations employing trailers have been temporarily suspended. This disruption has inflicted substantial financial losses on the port and severely disrupted the flow of goods to and from Japan.
While the Nagoya Authority has encountered cyberattacks in the past, this particular incident has had the most significant impact. On September 6, 2022, the port’s website experienced a 40-minute outage due to a substantial distributed denial-of-service attack (DDoS) orchestrated by the pro-Russian group known as Killnet.
As of the time of this publication, the identity of the threat actor behind the ransomware attack on the Port of Nagoya remains undisclosed, as no entity has publicly claimed responsibility for the intrusion.