A ransomware attack against the US Coast Guard has led to the disruption of their entire corporate IT network.
In a security warning, the Coast Guard announced that a ransomware intrusion occurred at a Maritime Transportation Security Act (MTSA) regulated facility.
“Forensic analysis is currently ongoing but the virus, identified as ‘Ryuk’ ransomware, may have entered the network of the MTSA facility via an email phishing campaign,” said the US Coast Guard.
It is believed that the point of entry was a malicious email sent to one of the maritime facility’s employees.
“Once the embedded malicious link in the email was clicked by an employee, the ransomware allowed for a threat actor to access significant enterprise Information Technology (IT) network files, and encrypt them, preventing the facility’s access to critical files.”
In addition, the ransomware infection further burrowed itself into the control systems that monitor cargo transfer and encrypted files vital to process operations.
Subsequently, the infection led to the disruption of camera and physical access control systems, and the loss of critical process control monitoring systems.
The primary operation of the facility was forced to shut down for over 30 hours. The warning does not disclose any information on how much ransom was demanded or when the attack occurred.
“The Coast Guard urges maritime stakeholders to verify the validity of the email sender prior to responding to or opening any unsolicited email messages. Additionally, facility owners and operators should continue to evaluate their cybersecurity defense measures to reduce the effect of a cyber-attack.”
The post #Privacy: US Coast Guard issues security warning following ransomware attack appeared first on PrivSec Report.