PortandTerminal.com, December 28, 2019
WASHINGTON – The U.S. Coast Guard (USCG) published a marine safety alert to inform of a Ryuk Ransomware attack that took down the entire corporate IT network of a Maritime Transportation Security Act (MTSA) regulated facility earlier this month.
That is a major hit. The USCG alert did not, however, identify which facility was attacked.
Here’s what they did have to say.
“Forensic analysis is currently ongoing but the virus, identified as “Ryuk” ransomware, may have entered the network of the MTSA facility via an email phishing campaign.”
United States Coast Guard, Marine Safety Information Bulletin
The Coast Guard has put the blame on a virus identified as “Ryuk” ransomware and believe that it entered the facility via an email phishing campaign.
Once the embedded malicious link in the email was clicked by an employee, the ransomware allowed the attackers to access significant enterprise Information Technology (IT) network files, and encrypt them, preventing the facility’s access to critical files.
And then things got worse. Next, the virus further burrowed into the industrial control systems that monitor and control cargo transfer and encrypted files critical to process operations.
The damage done to the facility included disruption of its entire corporate IT network (beyond the footprint of the facility), disruption of camera and physical access control systems, and loss of critical process control monitoring systems. Ouch.
These combined effects required the company to shut down the primary operations of the facility for over 30 hours while a cyber-incident response was conducted.
The UK’s National Cyber Security Centre also published an advisory in June detailing Ryuk ransomware campaigns targeting organizations around the globe, including guidance on how to protect against ransomware attacks.
The USCG previously issued an alert in July this year, after a deep draft vessel was hit by a similar cyberattack in February.
The Coast Guard is warning maritime stakeholders to check the authenticity of the sender before opening any emails or replying. Safety measures include the following:
- Intrusion Detection and Intrusion Prevention Systems to monitor real-time network traffic
- Industry-standard and up to date virus detection software
- Centralized and monitored host and server logging
- Network segmentation to prevent IT systems from accessing the Operational Technology (OT) environment
- Up-to-date IT/OT network diagrams
- Consistent backups of all critical files and software
Copyright © 2019 PortandTerminal.com. All rights reserved. This material may not be published, broadcast, written or redistributed.