A Ryuk Ransomware attack took down a US maritime facility

A Ryuk Ransomware attack has taken down the corporate IT network of a Maritime Transportation Security Act (MTSA) regulated facility.

Ryuk Ransomware continues to infect systems worldwide, the U.S. Coast Guard (USCG) announced that the malware took down the corporate IT network of a Maritime Transportation Security Act (MTSA) regulated facility.

“The purpose of this bulletin is to inform the maritime community of a recent incident involving a ransomware intrusion at a Maritime Transportation Security Act (MTSA) regulated facility.” reads the Marine Safety Information Bulletin. “Forensic analysis is currently ongoing but the virus, identified as “Ryuk” ransomware, may have entered the network of the MTSA facility via an email phishing campaign.”

According to the USCG, the attack vector was likely a phishing email sent to the operators at the MTSA facility.

“Once the embedded malicious link in the email was clicked by an employee, the ransomware allowed for a threat actor to access significant enterprise Information Technology (IT) network files, and encrypt them, preventing the facility’s access to critical files,” continues the USCG.

The Ryuk ransomware also infected the industrial control systems that monitor and control cargo transfer and encrypted files critical to process operations. The malware disrupted the entire corporate IT network, including camera and physical access control systems. The company was forced to shut down the primary operations of the facility for over 30 hours.

The USCG recommends the implementation of a set of security measures to protect the MTSA facility and reduce recovery time in case of an incident:

  • Intrusion Detection and Intrusion Prevention Systems to monitor real-time network traffic
  • Industry-standard and up to date virus detection software
  • Centralized and monitored host and server logging
  • Network segmentation to prevent IT systems from accessing the Operational Technology (OT) environment
  • Up-to-date IT/OT network diagrams
  • Consistent backups of all critical files and software

The Ryuk ransomware was involved in a long string of attacks targeting cities, hospitals, and organizations worldwide.

In September New Bedford city was infected with Ryuk ransomware, but did not pay $5.3M ransom. In April, systems at Stuart City were infected by the same Ryuk ransomware, in early March, Jackson County, Georgia, was hit by the same ransomware that paralyzed the government activity until officials decided to pay a $400,000 ransom to decrypt the files.

Recently the Ryuk ransomware was involved in the attacks against the city of New Orleans.

Pierluigi Paganini

January 2, 2020

cyber defense awardsWe are in our 11th year, and Global InfoSec Awards are incredibly well received – helping build buzz, customer awareness, sales and marketing growth opportunities, investment opportunities and so much more.
Cyber Defense Awards

12th Anniversary Top InfoSec Innovator & Black Unicorn Awards for 2024 are now Open! Finalists Notified Before BlackHat USA 2024...