Friday’s hack on DP World, one of the world’s largest port operators, triggered a company shutdown at the eastern ports of Melbourne, Sydney and Brisbane and at Fremantle in the west. While operations partially resumed on Monday, the investigation into the attack as well as measures to protect the network could disrupt services for days, DP World said in a statement.

The company expects to shift 5,000 containers out of the four ports on Monday, less than a quarter of the typical daily volume nationwide, a spokesman said. With local strikes also hitting DP World in coming days, it may be next week before normal activity resumes in Australia, the spokesman said.

DP World manages almost 40% of goods flowing in and out of Australia, exposing the country to widespread economic and commercial fallout from an attack on a single entity. The maritime trade giant is the latest victim in a string of high-profile cyber attacks this year. Industrial & Commercial Bank of China — the world’s biggest lender by assets — was recently struck by a ransomware attack that blocked some Treasury market trades from clearing.

As more ports automate and move away from paper documentation, hackers pose a growing threat to the region’s shipping networks. Ransomware hackers install malware on victims’ systems, holding them hostage until they receive payment.

With DP World struggling to get back on its feet, Australian Home Affairs and Cyber Security Minister Clare O’Neil said the government plans to force businesses to report any ransom incident, demand or payment. Authorities will also provide a guidebook to help companies prepare and deal with ransom demands, she said. 

DP World hasn’t received a ransom demand connected to the latest attack and doesn’t know which organization is responsible, the Australian Financial Review cited a top company official as saying.

Ransomware is the most disruptive cyber threat in the world today.

That’s why today we’re announcing the Albanese Government will work with industry to break the ransomware business model of the thugs and criminals behind it, and choke off their avenues of attack. pic.twitter.com/1RdQzCjB3A

— Clare O’Neil MP (@ClareONeilMP) November 12, 2023

In an update to importers and exporters earlier on Monday, the Freight & Trade Alliance industry body said there was still disruption at DP World’s Australian ports. According to the update, DP World was restricting exports at Melbourne. It also warned of “unforeseen service impacts” in Sydney and changes or limits to truck access at Fremantle.

“DP World Australia’s investigation and ongoing remediation work are likely to continue for some time,” the company said in its statement.

This isn’t the first time hackers have targeted major ports. In July, Japan’s biggest maritime port was hit by the notorious hacking gang Lockbit, a ransomware group with Russian ties that was also behind this week’s ICBC attack. A month earlier, several Dutch ports including Amsterdam and Groningen faced distributed-denial-of-service attacks, known as DDoS. 

In 2021, South Africa’s port and rail company was struck by a ransomware attack that forced it to declare force majeure at container terminals and switch to the manual processing of cargo. 

Australia’s ports are critical to its economy, with the nation moving 98% of its trade by sea, according to Ports Australia, a leading industry body. A lot of what Australians use on a daily basis — from computers to clothes and medicine are imported — while the country is a key agriculture, energy and mining exporter.

Police are investigating the cyberattack. DP World is combing through its servers to find out where hackers may have been, the data they may have looked at or and moved, and if they left any malicious software, the AFR reported, citing Nicolaj Noes, who oversees the Oceania business.

Noes told the paper there was a possibility that alarms raised by the firm’s monitoring software gave it time to shut down its systems before data was stolen or locked up.