US Coast Guard Discloses Ryuk Ransomware Infection at Maritime Facility
upstart writes in with an IRC submission for Anonymous_Coward:
US Coast Guard discloses Ryuk ransomware infection at maritime facility:
An infection with the Ryuk ransomware took down a maritime facility for more than 30 hours; the US Coast Guard said in a security bulletin it published before Christmas.
The agency did not reveal the name or the location of the port authority; however, it described the incident as recent.
"Forensic analysis is currently ongoing but the virus, identified as 'Ryuk' ransomware," the US Coast Guard (USCG) said in a security bulletin meant to put other port authorities on alert about future attacks.
USCG officials said they believe the point of entry was a malicious email sent to one of the maritime facility's employees.
"Once the embedded malicious link in the email was clicked by an employee, the ransomware allowed for a threat actor to access significant enterprise Information Technology (IT) network files, and encrypt them, preventing the facility's access to critical files," the agency said.
The USCG security bulletin describes a nightmare scenario after this point, with the virus spreading through the facility's IT network, and even impacting "industrial control systems that monitor and control cargo transfer and encrypted files critical to process operations."
Coast Guard officials said the Ryuk infection caused "a disruption of the entire corporate IT network (beyond the footprint of the facility), disruption of camera and physical access control systems, and loss of critical process control monitoring systems."
The maritime facility -- believed to be a port authority -- was forced to shut down its entire operations for more than 30 hours, the Coast Guard said.
Read more of this story at SoylentNews.