A big cruise company suffers devastating ransomware attack

Hurtigruten, a major Norwegian-based cruise company, revealed that it has just been the victim of a cybersecurity incident apparently related to a ransomware infection: “This is a serious incident that could have a negative impact on our entire infrastructure globally,” said Ole-Marius Moe-Helgesen, the company’s head of IT.

The attack was detected during the early morning of Monday, so authorities were notified hours later: “This appears to be a ransomware incident,” the company’s executive added. As you will remember, ransomware is a variant of malicious software capable of encrypting victims’ data in order to demand a ransom in exchange for affected resources being restored to normal.

La imagen tiene un atributo ALT vacío; su nombre de archivo es ransomwarelocker.jpg

Hurtigruten did not add further details about the incident as the investigation is still ongoing, so the malware variant used or the amount of ransom demanded by threat actors is unknown.

This attack comes at the least opportune time possible, as the global tourism industry is struggling to stay afloat even with severe economic losses caused by the pandemic and isolation measures to prevent mass outbreaks.

Although the firm tried to get back its operations at some of its cruise ships a few months ago, the decision was made to suspend all operations indefinitely after detecting multiple positive COVID-19 cases among its crew and passengers.

According to recent figures, cruise lines in Europe generate revenues of almost 14.5 billion Euros per year, bringing a total of 53k formal jobs. However, by the end of 2020 losses of up to 25 billion Euros are estimated from the inability to operate on a regular basis, without considering related losses from ransomware incidents and similar attacks.