Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Hackers Target U.K. Shipping Giant Clarkson

Clarkson, one of the world’s largest providers of shipping services, informed the public on Tuesday that it has suffered a security breach and the hackers may release some data taken from its systems.

Clarkson, one of the world’s largest providers of shipping services, informed the public on Tuesday that it has suffered a security breach and the hackers may release some data taken from its systems.

Clarkson provided only few details citing the ongoing law enforcement investigation, but the information it made public suggests that it was targeted by cybercriminals who tried to get the company to pay a ransom in order to avoid having its data leaked online.

The shipping giant said the attackers gained access to its systems using a single compromised user account, which has been disabled following the incident.

The company had been expecting the hackers to publish some data on Tuesday, but so far there haven’t been any reports of that happening.

“As a responsible global business, Clarksons has been working with the police in relation to this incident,” Clarkson said in a statement. “In addition, the data at issue is confidential and lawyers are on standby wherever needed to take all necessary steps to preserve the confidentiality in the information.”

Clarkson has started notifying affected customers and individuals. The organization claims it has been conducting a cybersecurity review of its systems and it plans on rolling out new IT security measures – in addition to the ones introduced in response to this security incident.

“As you would rightly expect, we’re working closely with specialist police teams and data security experts to do all we can to best understand the incident and what we can do to protect our clients now and in the future,” said Andi Case, CEO of Clarkson. “We hope that, in time, we can share the lessons learned with our clients to help stop them from becoming victims themselves. In the meantime, I hope our clients understand that we would not be held to ransom by criminals, and I would like to sincerely apologise for any concern this incident may have understandably raised.”

While Clarkson may have refused to pay the ransom demanded by the attackers, there are plenty of companies willing to pay up in order to avoid having to deal with a data breach becoming public knowledge.

Some studies have shown that 40% of businesses have paid the ransom demanded by hackers. Others studies said 70% accepted to pay, and half of them coughed up more than $10,000. One example is a Hollywood hospital that last year paid $17,000 to recover files encrypted by a piece of ransomware.

Some organizations attempt to negotiate with the attackers. HBO reportedly offered $250,000 to hackers who demanded millions of dollars, but the offer was not accepted. A South Korean web hosting provider also negotiated with cybercriminals, but still ended up paying $1 million after over 150 of its Linux servers were compromised.

Related: HBO Hackers Demand Millions in Ransom Note

Related: Hacker Grabs Data on 1.5 Million ESEA Gamers, Demands 100k Ransom

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Cybercrime

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.

Cybercrime

The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Malware & Threats

Microsoft plans to improve the protection of Office users by blocking XLL add-ins from the internet.