The Port of San Diego is probing a cyberattack similar to the costly SamSam attack that crippled systems and services in Atlanta earlier this year.
“The Port of San Diego has experienced a serious cybersecurity incident that has disrupted the agency's information technology systems,” according to a statement from the port’s CEO, Randa Coniglio. “The Port has mobilized a team of industry experts and local, regional, state and federal partners to minimize impacts and restore system functionality, with priority placed on public safety-related systems.”
Just as in Atlanta, “the port is likely faced with paying a ransom or losing valuable data,” said Caroline Seymour, director of product marketing at Zerto.
The attack also compromised systems at the San Diego Harbor Police Department, which, a report in the San Diego Union-Tribune said, has switched over to other systems.
“Shipping ports handle sensitive information that can be leveraged for financial fraud and spearphishing attacks,” said Giovanni Vigna, director of UC Santa Barbara’s Center for Cybersecurity. “It is therefore not surprising that sophisticated malicious actors are targeting these enterprises.”
Calling for the industry to increase its “awareness and level of protection in order to counteract these attacks,” Vigna warned, “Failing to do so might, in the long run, cause larger problems for the companies whose information has been compromised.”
Seymour referred to a “recent analyst study [that] determined 50 percent of surveyed organizations have suffered an unrecoverable data event in the last three years,” noting that “while preventing these attacks is not always possible, diminishing the threat is.”
Barry Shteiman, vice president of research and innovation at Exabeam, said that while “security experts often warn against paying ransoms or entering into negotiations, in reality, the correct answer boils down to simple economics.”
But organizations must weigh the cost of paying the ransom against the potential damage, such as “the downtime caused by unavailable data, or by the backup restoration process, then organizations should pay,” Shteiman said. “If the cost of giving up on the encrypted data is higher - both in lost revenue or intellectual property, than remediation would be - the company doesn't have much choice but to pay up.”
Still he advised, “Paying the ransom is a last resort, and only after all other options have been exhausted” and urged cybersecurity teams to “understand the business models used by ransomware network operators, as well as have visibility into the kill chain of a ransomware attack, and how to detect and disrupt ransomware in corporate environments.”
With that kind of information in their arsenals, “analysts should be able to react faster in the unfortunate event their organization is hit with a ransomware infection," Shteiman said.