DNV’s ShipManager servers were victim of a ransomware cyber-attack on the evening of Saturday 7 January. DNV experts shut down the servers immediately in response to the incident. All vessels can still use the onboard, offline functionalities of the ShipManager software, other systems onboard the vessels are not impacted. The cyber-attack does not affect the vessels’ ability to operate.
There are no indications that any other data or servers by DNV are affected. The server outage does not impact any other DNV services. The Ship Manager IT-infrastructure is isolated from the rest of DNV’s servers and the forensic investigation conducted by DNV’s global IT security partners has confirmed that no lateral movement to other parts of the DNV IT-infrastructure was detected as part of the attack. Information like DNV user accounts, emails and all other services have not been affected by the incident.
The attack has been reported to the Norwegian Police, who has informed relevant police agencies. It was also reported to the Norwegian National Security Authority, the Norwegian Data Protection Authority (DPA) and the German Cyber Security Authority. All affected customers have been notified about their responsibility to notify relevant Data Protection Authorities in their countries.
As part of the investigation, DNV is working closely with global IT security partners to analyze the incident and ensure secure online operations as soon as possible.
DNV is in regular contact with all ShipManager customers about the situation. About 70 customers, operating around 1.000 vessels, are affected. All affected customers have been advised to consider relevant mitigating measures depending on the types of data they have uploaded to the system.