Posted on December 31, 2019 at 9:58 AM
According to reports from the US Coast Guard, the loss of critical control monitoring systems and physical access control systems at one of the ports was the result of a ransomware infection.
The Coast Guard published a security bulletin shortly before Christmas, explaining that the Ryuk ransomware infiltrated the maritime facility for more than 30 hours. Although the maritime agency gave detailed explanations of the attack, it did not disclose the location or name of the port authority.
The US Coast Guard put out the information to alert other port authorities to the attack so that they can tighten their security.
The attack came through a phishing email
USCG officials have revealed that the attackers were able to infiltrate the facility through a phishing email that one of the facility’s employees received. After the employee opened the malicious email, the ransomware was able to infiltrate and gain access to several areas within the facility. According to the officials, the ransomware gave a threat actor access to the facility’s IT network files. Afterwards, it was able to encrypt the files and block the facility from accessing vital files, USCG officials said.
The bulletin explained how the ransomware was able to spread rapidly through the facility’s network. According to USCG, it spread widely into the important sections of the facility’s IT network. It also impacted the industrial control systems responsible for monitoring and controlling cargo transfer. The ransomware infiltrated the files, encrypted them and denied the facility access to those files for more than 30 hours.
Attack disrupted the IT network
Coast Guard officials revealed that the ransomware attack disrupted the whole corporate IT network, including both the access control systems and the vital control monitoring protocols within the network.
As a result of the attack, the port authority had no choice but to shut down the facility’s entire IT network for more than a day. According to the Coast Guard, shutting down was necessary to prevent the ransomware from causing further damage before they could strengthen the security of the facility’s IT network.
Maritime cyberattacks on the increase
Apart from the report on the ransomware attack, the security bulletin also includes preventive actions to take against future attacks. The advisory was published on Dec. 16, before other maritime ports could become targets of the Ryuk ransomware.
USCG has circulated the report across all maritime ports, and it’s believed they are well informed about the activities of the ransomware. The maritime facilities are advised to set up countermeasures as soon as possible to detect and defend against the attack.
In the past, hackers have found a few loopholes in the networks of port authorities. The networks are seen as easy targets for ransomware attacks.
In September last year, the port of Barcelona and a port in the US (San Diego) were reportedly attacked with ransomware. The second attack occurred five days after the first. After investigation, it was revealed that the Ryuk ransomware was responsible for both attacks.
Earlier, in July last year, the Long Beach Port was reportedly attacked by the same ransomware. However, before the attack could cause damage, it was isolated and eliminated. According to reports at the time, the attack was isolated at the port terminal of the Chinese shipping company COSCO.
And barely a year ago, in December last year, a consortium of 21 shipping associations published a report detailing how ransomware and other types of malware were finding their way into the networks of ships and ports. According to the report, there were worms, USB malware, ransomware, and other related malware in some of the exposed port networks.
The increased threats to port networks have alerted the US Coast Guard, and it has taken notice. Earlier this year, the Maritime Authority started issuing information about possible threats to the networks of ships and ports. The Coast Guard is also issuing security warnings not only against physical threats but against piracy and terrorism issues as well.