Ransomware Attack Disrupts Operations at Japan’s Largest Port

What happened

A ransomware attack targeted the Port of Nagoya’s central IT systems, disrupting container terminal operations and forcing a temporary shutdown of key port functions. The incident, attributed to the LockBit ransomware group, affected systems early on a Tuesday and led to the suspension of loading and unloading activities until recovery efforts could restore normal operations.

Who is affected

The Port of Nagoya, Japan’s largest and busiest maritime hub, handling approximately 10% of the nation’s trade volume, experienced significant operational disruption. The outage impacted container movements through its Nagoya Unified Terminal System (NUTS), affecting cargo handling and logistics workflows. Major shippers, including Toyota Motor Corporation, which uses the port extensively for vehicle exports and parts movement, saw operations suspended, though immediate effects on production were reportedly limited.

Why CISOs should care

This incident underscores a persistent and evolving threat landscape for critical infrastructure sectors, particularly maritime logistics, where automated control systems are prevalent. Ransomware can halt physical operations by encrypting essential IT systems, magnifying supply chain risks and economic impact. The attack illustrates how threat actors continue to target operational technology environments and unified terminal systems, with potential ripple effects on global trade and industrial supply chains.

3 practical actions

1. Segment and isolate critical systems: Ensure that operational technology (OT) and port terminal control networks are segmented from corporate networks with strict access controls to limit ransomware spread.
2. Strengthen remote access defenses: Enforce multi-factor authentication, robust VPN security, and continuous monitoring for remote access pathways, which are common vectors for ransomware intrusions.
3. Test backups and incident response plans: Regularly validate backups for integrity and recovery speed, and rehearse ransomware response scenarios to minimize downtime and operational impact in the event of an attack.