09 Jan Maritime Cyber Security: Ransomware attack on US maritime facility confirmed
A Maritime Transportation Security Act (MTSA) regulated facility was recently attacked by ransomware, which locked users out of critical files and saw the infection move beyond the local facility and into wider corporate networks. The US Coast Guard (USCG) has issued a marine safety bulletin confirming the attack.
MTSA regulated facilities include ports, vessels and offshore platforms, though the specific facility affected by the attack has not been named.
Forensic analysis of the incident is currently ongoing, USCG says, but the virus, identified as the ‘Ryuk’ ransomware, is thought to have entered the facility’s network via an email phishing campaign: an employee clicked a malicious link embedded in the email, granting access to network files, which were then encrypted.
The virus was also able to gain access to the industrial control systems that monitor and control cargo transfer at the facility and encrypted files critical to process operations, according to the Coast Guard.
The impact of the attack included a disruption of the entire corporate IT network, stretching beyond the footprint of the facility itself, with disruption of camera and physical access control systems, and loss of critical process control monitoring systems.
These combined effects required the company to shut down the primary operations of the facility for over 30 hours while a cyber-incident response was conducted, USCG says.