Ransomware attack on maritime facility prompts Coast Guard warning

The U.S. Coast Guard last month issued a safety bulletin following a ransomware attack that impaired both the IT systems and industrial control systems of a facility regulated by the Maritime Transportation Security Act (MTSA), and prompted a 30-hour operational shutdown.

The ransomware program, identified as Ryuk, was delivered via a phishing email containing a malicious link that was clicked by an employee. According to the alert, the ransomware encrypted critical network files, then "further burrowed into the industrial control systems that monitor and control cargo transfer and encrypted files critical to process operations."

"The impacts to the facility included a disruption of the entire corporate IT network (beyond the footprint of the facility), disruption of camera and physical access control systems, and loss of critical process control monitoring systems," continued the alert, which was issued back on December 16.

The Coast Guard did not name the specific facility that was affected, but did say that damage and delays caused by the attack were likely mitigated by a series of protections including intrusion detection and prevention systems, virus detection software, centralized and monitored host and server logging, segmentation between the IT and OT environments, up-to-date IT/OT network diagrams and back-ups of critical files and software.

Enforced as of July 2004, the MTSA was created to safeguard the U.S. maritime industry and commerce by requiring vessels and port facilities to assess vulnerabilities and develop security plans using risk-based decision-making.

"Ransomware was one of the most disruptive forms of cyberattack[s] in 2019 and it seems that this will continue to be the case in 2020," said Stuart Reed, vice president of cybersecurity at Nominet, in emailed comments. "With countless emails and links being sent across the network it is no small task to mitigate the risk of employees falling victim to an attack, and reminds us of the importance of a layered approach to security."

Bradley Barth

As director of community content at CyberRisk Alliance, Bradley Barth develops content for SC Media online conferences and events, as well as video/multimedia projects. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.
