London-based solicitor Henry Clack of law firm HFW has developed a sobering expertise in a specific area of crime: dealing with Nigerian organised criminal gangs. His experience comes from representing international shipping companies that have fallen victim to sophisticated cyber attacks.

"In the cases HFW has handled, the most frequent perpetrators we've encountered are Nigerian organised criminal groups," Clack states. These organisations have been linked to numerous high-value 'man-in-the-middle' fraud schemes in recent years.

This form of cyber fraud involves a hacker intercepting communications—such as email exchanges—between two parties. The criminal then impersonates both entities to steal sensitive information like login credentials or financial data, and in some cases, seizes control of the company's entire computer system. The attackers typically demand a ransom to restore access or return the stolen data.

Data from HFW indicates that this type of hacking is an escalating problem for the maritime sector, affecting both vessels and port infrastructure. The firm reports that the average cost of managing an attack surged from 2022 to 2023, doubling to approximately $550,000. In more severe cases where cybersecurity professionals struggle to eject the hackers, the average ransom payment has reached $3.2 million.

With approximately 80% of global trade transported by sea, operational disruptions can lead to massive cost increases and critical capacity shortfalls for shipping firms. This centrality makes the maritime industry a high-priority target for cyber attacks, both from criminal syndicates and hostile nation-states.

"Cybersecurity is a major concern for the shipping industry, given how interconnected the world is," says John Stawpert, Manager for Environment and Trade at the International Chamber of Shipping (ICS). "The impact can be quite significant if cyber criminals manage to disrupt your operations or, for example, carry out a ransomware attack."

The frequency of these attacks is rising sharply. Researchers at the Netherlands' NHL Stenden University of Applied Sciences documented a dramatic increase, from just 10 incidents in 2021 to at least 64 in the most recent year.

According to Jeroen Pijpker of the university's Maritime IT Security research group, many attacks are connected to the governments of Russia, China, North Korea, and Iran. In one instance, equipment destined for Ukraine was targeted after details were shared on a Telegram channel, explicitly aiming to disrupt the logistical chain.

Other attacks, whether originating in Nigeria or elsewhere, are motivated purely by financial extortion.

A key factor behind the rise in attacks is the industry's growing digital surface area. Increased digitization and new technologies like Elon Musk's Starlink satellite service have enhanced connectivity at sea, but also created more vulnerabilities. For example, a U.S. Navy officer was recently dismissed for installing an unauthorized satellite dish on a combat ship to provide internet access, highlighting security risks.

Furthermore, much of the industry's digitization has been implemented unevenly and often relies on rapidly outdated technology. The average cargo ship is 22 years old, and companies are often reluctant to take them out of service for frequent software updates.

Additional risks include GPS jamming and "spoofing," where hackers feed false location data to a ship's navigation system. This can cause a vessel to stray off course, potentially leading to physical damage—as was suspected in the case of the MSC Antonia, which ran aground in the Red Sea following a suspected GPS spoofing incident. Such tactics in the Baltic Sea have frequently been attributed to Russia.

Emissions monitoring sensors, which transmit data externally, present another potential entry point for attackers.

Despite these challenges, the industry is taking steps to bolster its defenses. In 2021, the International Maritime Organization (IMO) introduced updated cybersecurity regulations into its International Safety Management (ISM) Code, making it mandatory—rather than just recommended—for shipping companies to incorporate rigorous risk management practices into their safety systems.

"Personally, I think the industry is in a good place to deal with the threat—certainly compared with six or seven years ago," says Stawpert. "There's hugely increased awareness across the industry of cyber attacks and cyber crime, and that will increase over the coming years."

As for how lawyers like Henry Clack actually communicate with cybercriminal groups during negotiations? The exchanges are conducted via encrypted text-based messaging platforms and are kept as minimal and brief as possible—often just one or two sentences per day.