The US Coast Guard has issued a warning as one federal maritime facility was breached by a ransomware attack.
Ryuk ransomware attack on the maritime facility
The facility was attacked by Ryuk ransomware and its primary operations were shut down for over 30 hours. The facility immediately conducted a response to the attack but it still persisted for more than a day latching onto numerous critical files.
The Ryuk ransomware can be traced to a phishing email. An employee opened a link in the email that encrypted many critical files across the system. The link also disrupted the camera networks and physical access control systems. This caused a loss of control over monitoring systems that enable process control.
The US Coast Guard has advised other such centres to tighten the security of their administrative systems by using anti-virus tools. It advised that they should make backups of their data regularly and increase the monitoring of the network. The warning suggested them to divide the network into various segments so that the IT systems do not directly interact with operational technology environment.
The case is still under investigation and it is unclear whether the attackers demanded a bitcoin ransom or has it been paid already.
Ryuk and other ransomware attacks have seen a significant rise across 2019 while the number of other types of attacks has declined. The number of ransomware attacks surpassed exchange-jackings as the preferred mode of operation. In December alone, various high-profile ransomware attacks took place including the attack in New Orleans and the attack on CyrusOne.
Such attacks involve an attack on a system that encrypts numerous important files after which the attacker asks for a ransom to decrypt the files. the payment is usually requested in Bitcoins and other crypto assets due to the high level of privacy they provide.