U.S. Maritime Facility Falls Prey to Ryuk Ransomware Attack

Malicious attacks involving the now infamous Ryuk ransomware have been on the rise, showing no signs of slowing down. This time, the cryptovirus has sneaked into the network of a U.S. facility subject to the Maritime Transportation Security Act (MTSA), crippling its operations for more than 30 hours, the U.S. Coast Guard (USCG) reports.

Infection Vector

Although the infection is still under investigation, the team in charge has found a malware-laden email supposedly opened by one of the people working at the facility. Apparently, it was this email and the code embedded therein that allowed the crooks behind the attack to lay their hands on a large number of corporate files before encrypting them so that they are no longer accessible to anyone else. What is more, the infection cut off employees' access to critical control and monitoring systems and spread far and wide, eventually hitting industrial control systems, as well.

Facility's Identity Remains Undisclosed

While we could not find the name of the infected facility in the Marine Safety Information Bulletin, we can make an educated guess based on the aforementioned revelation that the Ryuk infection reached the industrial control systems of the facility. Since such systems are responsible for controlling cargo-related operations, the Ryuk infection we're talking about may have struck an entire port.

Evasion

The new Ryuk ransomware infection underlines the need for better prevention techniques all marine transportation facilities should strive for. It also stresses the importance of USCG's cybersecurity guide published shortly after a similar attack struck in February 2019. The guide contains a number of pre-emptive measures, all of which come down to the idea of keeping Operational Technology (OT), Software and Network environments up to date, as well as deploying detection and prevention systems capable of intercepting potential malware attacks. Regular backups are an absolute must, as well.