DP World cranes at Port Botany in Sydney on November 13

Sydney (AFP) - Major ports handling nearly 40 percent of Australia’s freight trade may remain crippled for days, officials said Monday, after a cyberattack blocked the key gateways.

Leading ports operator DP World said it cut its systems from the internet when the attack was detected Friday, preventing trucks from unloading or picking up cargo at ports in Sydney, Melbourne, Brisbane and Fremantle.

Australia’s national cybersecurity coordinator, Darren Goldie, said DP World is “making good progress in trying to get their systems back online”.

“I don’t have any further estimation on the time it will take to restore but the company does have confidence that that is certainly in the days, not weeks, category,” he told national broadcaster ABC.

The DP World ports were able to remove containers from ships, but the cargo yards were “filling up”, he said, because trucks could not transport the goods in or out.

Goldie said the company did the right thing by cutting off its internet access to prevent the cyberattack from spreading.

Goldie said he did not know who was behind it. And he did not expect the government to be attributing blame “anytime soon”.

He said “all indications” pointed to the incident being contained but stressed that he was relying on DP World and its response team for that information.

DP World’s advisor on its response to the cyberattack, Alastair MacGibbon, said there had been “unauthorised activity in the system”.

Data had been taken by “someone malicious or unauthorised”, he told Nine Network television, without giving details of the nature of the stolen information.

The port operator was able to access emergency freight such as vital medical supplies and equipment, said MacGibbon, chief strategy officer at CyberCX.

The Australian government called emergency meetings with the company and industry representatives over the weekend to manage its response.

- Lucrative target -

The environment and water minister, Tanya Plibersek, said the government wanted to toughen Australian businesses’ defences against cyberattacks.

International criminal syndicates were using ransomware to extort money from Australian businesses but the government did not know the full extent because some victims paid the ransom without reporting it, the minister said.

Cybersecurity experts have said inadequate safeguards and the stockpiling of sensitive customer information have made Australia a lucrative target for hackers.

Medibank, Australia’s largest private health insurer, said in November 2022 that hackers had accessed the data of 9.7 million current and former customers, including medical records related to drug abuse and pregnancy terminations.

Just two months earlier, telecom company Optus fell prey to a data breach of a similar scale in which the personal details of up to 9.8 million people were accessed.

Those two incidents were among the largest data breaches in Australian history.

Optus, Australia’s second-largest phone provider, apologised to its more than 10 million customers last week over a “technical network outage” that cut off mobile and internet services for many hours.

The Australian government has launched an investigation into that unexplained glitch, although it has not been described as a cyberattack.