A Ryuk Ransomware attack took down a US maritime facility

A Ryuk Ransomware attack has taken down the corporate IT network of a Maritime Transportation Security Act (MTSA) regulated facility.

Ryuk ransomware continues to infect systems worldwide: the U.S. Coast Guard (USCG) announced that the malware took down the corporate IT network of a Maritime Transportation Security Act (MTSA) regulated facility.

“The purpose of this bulletin is to inform the maritime community of a recent incident involving a ransomware intrusion at a Maritime Transportation Security Act (MTSA) regulated facility.” reads the Marine Safety Information Bulletin. “Forensic analysis is currently ongoing but the virus, identified as “Ryuk” ransomware, may have entered the network of the MTSA facility via an email phishing campaign.”

According to the USCG, the attack vector was likely a phishing email sent to the operators at the MTSA facility.

“Once the embedded malicious link in the email was clicked by an employee, the ransomware allowed for a threat actor to access significant enterprise Information Technology (IT) network files, and encrypt them, preventing the facility’s access to critical files,” continues the USCG.

The Ryuk ransomware also infected the industrial control systems that monitor and control cargo transfer and encrypted files critical to process operations. The malware disrupted the entire corporate IT network, including camera and physical access control systems. The company was forced to shut down the primary operations of the facility for over 30 hours.

The USCG recommends the implementation of a set of security measures to protect the MTSA facility and reduce recovery time in case of an incident:

  • Intrusion Detection and Intrusion Prevention Systems to monitor real-time network traffic
  • Industry-standard and up-to-date virus detection software
  • Centralized and monitored host and server logging
  • Network segmentation to prevent IT systems from accessing the Operational Technology (OT) environment
  • Up-to-date IT/OT network diagrams
  • Consistent backups of all critical files and software
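
The segmentation and centralized-logging measures in the list can be checked against each other: exported firewall flow records show whether anything outside the OT range is actually being permitted into it. The following Python sketch is an added example, not part of the USCG bulletin or the original article; the address ranges, the allow-list entry and the flow-record format are constructed assumptions to be replaced with values from the facility's own IT/OT network diagram.

```python
import ipaddress

# Constructed address plan (assumption): take the real ranges from the IT/OT diagram.
IT_NETS = [ipaddress.ip_network("10.10.0.0/16")]
OT_NETS = [ipaddress.ip_network("10.50.0.0/16")]
# Hypothetical allow-list of approved boundary crossings: (source, destination, port).
ALLOWED = {("10.10.5.20", "10.50.1.10", 443)}

# Constructed flow records in an assumed "src dst dport action" export format.
SAMPLE_FLOWS = """\
10.10.5.20 10.50.1.10 443 ALLOW
10.10.7.33 10.50.2.14 445 ALLOW
10.10.7.33 10.50.2.15 445 DENY
10.10.7.40 10.10.9.2 445 ALLOW
10.50.1.10 10.50.2.14 502 ALLOW
10.10.8.12 10.50.3.7 3389 ALLOW
"""

def zone(addr):
    """Classify an address as OT, IT or OTHER using the address plan above."""
    ip = ipaddress.ip_address(addr)
    if any(ip in net for net in OT_NETS):
        return "OT"
    if any(ip in net for net in IT_NETS):
        return "IT"
    return "OTHER"

def segmentation_violations(flow_text):
    """Return permitted flows that enter OT from outside OT and are not allow-listed."""
    hits = []
    for lineno, line in enumerate(flow_text.splitlines(), 1):
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed records
        src, dst, dport, action = parts
        try:
            crossing = zone(dst) == "OT" and zone(src) != "OT"
            port = int(dport)
        except ValueError:
            continue  # skip records with unparsable addresses or ports
        if crossing and action == "ALLOW" and (src, dst, port) not in ALLOWED:
            hits.append((lineno, src, dst, port))
    return hits

if __name__ == "__main__":
    for hit in segmentation_violations(SAMPLE_FLOWS):
        print("Flow into OT not on allow-list: line %d %s -> %s:%d" % hit)
```

Denied flows are ignored here because they show the boundary working; each reported record is a permitted path from the corporate network into OT that the diagram and allow-list do not account for.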

The Ryuk ransomware was involved in a long string of attacks targeting cities, hospitals, and organizations worldwide.

In September, New Bedford city was infected with Ryuk ransomware but did not pay the $5.3M ransom. In April, systems at Stuart City were infected by the same ransomware, and in early March, Jackson County, Georgia, was hit by Ryuk, which paralyzed government activity until officials decided to pay a $400,000 ransom to decrypt the files.

Recently the Ryuk ransomware was involved in the attacks against the city of New Orleans.

Pierluigi Paganini
