It hasn’t been a while since we heard of the Ryuk ransomware attack at the City of New Orleans. And now, here comes another similar report. Recently, a US Maritime facility also became a victim of the Ryuk ransomware. The incident caused huge disruptions at the facility.
US Maritime Facility Disclosed Ransomware Attack
The US Coast Guard recently disclosed a cyberattack that quickly caught the attention of the maritime sector. Reportedly, a US Maritime facility regulated under the Maritime Transportation Security Act (MTSA) has suffered a ransomware attack.
Elaborating on the incident in a security bulletin, the MTSA facility fell prey to the devastating Ryuk ransomware. The malware gained access to the facility’s IT infrastructure through a phishing attack. Consequently, it distorted the entire data and process operations whilst preventing the facility to access their data.
As stated in the bulletin,
Once the embedded malicious link in the email was clicked by an employee, the ransomware allowed for a threat actor to access significant enterprise Information Technology (IT) network files, and encrypt them, preventing the facility’s access to critical files. The virus further burrowed into the industrial control systems that monitor and control cargo transfer and encrypted files critical to process operations.
As a result, the attack caused a huge disruption at the facility with regards to IT operations and other systems. Eventually, the firm’s primary operations remained halted for about 30 hours.
The impacts to the facility included a disruption of the entire corporate IT network (beyond the footprint of the facility), disruption of camera and physical access control systems, and loss of critical process control monitoring systems.
The Firm Contained The Attack
In brief, they stated that having an up-to-date antivirus, prompt monitoring of real-time network traffic, network segmentation, centralized host and server logging with prompt monitoring, updated IT/OT network diagrams, and consistent backups of all data helped them shorten the recovery period.
Whereas, to prevent future incidents, the Coast Guard urges all maritime stakeholders to stay vigilant while dealing with unsolicited emails. Moreover, they also advise the facility owners and operators to review their cybersecurity defense measures.