30 December 2019

Ryuk ransomware attacks unnamed US maritime transportation facility

The United States Coast Guard has released an information bulletin on an attack involving Ryuk ransomware against an unspecified Maritime Transportation Security Act (MTSA) regulated facility.

According to the document, the malware may have entered the victim facility’s computer network via a phishing email containing a malicious link. When an employee of the organization clicked the link, the ransomware gained access to important network files and encrypted them. In addition to infecting corporate information systems, the malware penetrated the industrial control systems that monitor and control cargo transfer, encrypting files critical to process operations.

The attack disrupted the entire corporate IT network (beyond the footprint of the facility), as well as camera and physical access control systems and critical process control monitoring systems. As a result, the company had to shut down the primary operations of the facility for over 30 hours.

This is one more incident in the current wave of ransomware attacks on various critical infrastructure organizations. Earlier, in mid-December 2019, New Orleans City Hall allegedly fell victim to Ryuk ransomware.

Source: U.S. Coast Guard