Cyber Incident Victim: Port of Rosario
Date: Jun 2017
Location: Argentina
Summary
A ransomware attack using the Petya virus, exploiting the EternalBlue vulnerability in Windows systems, disrupted global operations including port facilities, manufacturing sites, and corporate networks. The Port of Rosario experienced halted deliveries and operational disruptions, mirroring impacts at other terminals such as APM Terminals in India and the US, a Cadbury factory in Australia, and companies like Reckitt Benckiser and Beiersdorf. Attackers demanded $300 in cryptocurrency per infected system, causing significant logistical and production challenges. Ukraine suffered extensive damage to government systems, energy providers, and banks, while entities like Rosneft and WPP implemented emergency measures. The incident underscored systemic vulnerabilities in delayed patch deployments across critical infrastructure sectors.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |

| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
The Petya ransomware attack emerged globally on June 27, 2017, initially targeting Ukrainian entities including government systems in Kiev, the Chernobyl nuclear facility, and over 80 companies across Russia and Ukraine. The malware rapidly propagated through Europe, affecting major corporations such as Russian oil producer Rosneft, French manufacturer Saint-Gobain, British advertiser WPP, and pharmaceutical firm Merck & Co. Critical infrastructure operators faced severe disruptions, with APM Terminals—a subsidiary of Danish shipping giant Maersk—experiencing system failures at multiple ports, including Rotterdam and New York’s Port of New Jersey, forcing terminal closures. The attack reached Argentina’s Port of Rosario on the morning of June 27, impacting grain terminal operators and halting some deliveries, as confirmed by Guillermo Wade, manager of the local port and maritime chamber. Similar logistical disruptions occurred at India’s Jawaharlal Nehru Port Trust, where Gateway Terminal India resorted to manual cargo clearance after systems failed to identify shipments.

The ransomware leveraged the EternalBlue exploit, previously used in the WannaCry attack, to infiltrate unpatched Windows systems, encrypt files, and demand $300 in Bitcoin per infected device. While the primary impact centered on Ukraine and Russia, the attack’s global spread affected Australian manufacturing, with Cadbury’s Tasmania factory halting production, and Asian operations of Reckitt Benckiser and Beiersdorf reporting system compromises. Europol activated urgent response protocols, collaborating with member states and industry partners to assess the attack’s scope, while Rosneft and Kyivenergo implemented backup systems to maintain critical operations. Port operators worldwide, including those in Rosario, faced prolonged operational delays, though the article did not specify local remediation efforts. By June 28, Kaspersky Lab confirmed approximately 2,000 infections in North America, with Ukraine’s Central Bank noting financial sector breaches. The incident underscored systemic vulnerabilities in delayed patch deployment across industrial and logistical networks.
