An investigation of ransomware incidents in the maritime industry: Exploring the key risk factors

Ransomware is a subset of malicious cyberattacks that aim to hold an organization’s data or critical infrastructure at ransom, compromising or blocking access. If the attack is public or made public after the initial attack, it can also severely jeopardize an organization’s reputation. Given the direct and immediate impact ransomware attacks can have and the lack of in-depth sharing, additional research is needed to analyze ransomware incidents in order to understand the underlying causes of incidents in addition to the detection and prevention methods. In this paper, 22 public ransomware incidents within the marine industry have been investigated to determine their causal factors and commonalities. To investigate causal factors, DEMATEL (Decision Making Trial and Evaluation Laboratory) and a fuzzy set are used in order to enable an organization to better adhere to operational requirements and cyber risk management strategies to increase cyber resilience against ransomware incidents. The study’s findings highlight the fact that network layer cyber security mitigations, strategies for securely utilizing RDP (Remote Desktop Protocol) protocols, and investments in operating systems (OS) and software security are essential components of preventing future ransomware incidents. This study concludes by suggesting several suitable control and preventative measures to improve system safety.