The U.S. Coast Guard reported that a malware infection at an unnamed maritime facility disrupted its surveillance system, physical access control systems, and critical process control and management systems. The name and location of the affected facility were not disclosed. However, the incident is described as having occurred recently, and apparently a port was the victim of the ransomware.
Although the investigation of the incident has not yet been completed, it is reported that the port was attacked by the well-known Ryuk ransomware, and that a malicious email received by one of the employees of the affected enterprise served as the starting point of the infection.
“When an employee clicked on a malicious link embedded in the letter, the ransomware was able to access a large number of corporate files and encrypt them, preventing the company from accessing these critical files,” representatives of the Coast Guard write.
The malware then managed to spread to industrial control systems that monitor and control the transfer of goods, encrypting files critical to the operation of those systems. In fact, the entire IT network of the enterprise was affected, including parts outside the originally infected offshore facility. As a result, the port was forced to suspend operations for more than 30 hours.
It should be noted that ports and other facilities covered by the law “On the Safety of Shipping” are increasingly targeted by attackers. For example, in 2018, the ports of San Diego (USA) and Barcelona (Spain) reported ransomware attacks, which were also the work of Ryuk ransomware operators. In addition, the US Coast Guard has already warned twice this year about the dangers of potential cyberattacks, although those warnings related to malware designed to attack the IT systems of ships.