US Coast Guard Admits Ransomware Took Down Facility


US Coast Guard confirms “ransomware intrusion” at an unnamed facility that took down the entire IT network and was caused by a phishing attack

The US Coast Guard (USCG) is the latest entity to be hit by the modern-day electronic scourge of ransomware.

The USCG confirmed the “ransomware intrusion” when it published a marine safety alert last month to inform of a Ryuk ransomware attack that took down the entire corporate IT network of a Maritime Transportation Security Act (MTSA) regulated facility.

It comes after ransomware forced the City of New Orleans to declare a state of emergency just before Christmas, after all governmental computers had to be shut down.

Coast Guard

The US Coast Guard did not identify the facility affected, but it is suspected to be a port as the ransomware managed to infiltrate cargo transfer industrial control systems.

“Forensic analysis is currently ongoing but the virus, identified as “Ryuk” ransomware, may have entered the network of the MTSA facility via an email phishing campaign,” said the Coast Guard. “Once the embedded malicious link in the email was clicked by an employee, the ransomware allowed for a threat actor to access significant enterprise Information Technology (IT) network files, and encrypt them, preventing the facility’s access to critical files.”

“The virus further burrowed into the industrial control systems that monitor and control cargo transfer and encrypted files critical to process operations,” the USCG said. “The impacts to the facility included a disruption of the entire corporate IT network (beyond the footprint of the facility), disruption of camera and physical access control systems, and loss of critical process control monitoring systems.”

It said the infection forced the facility to “shut down the primary operations of the facility for over 30 hours while a cyber-incident response was conducted.”

Security experts have warned that the scourge of ransomware is set to continue in 2020.

“Ransomware was one of the most disruptive forms of cyber attack in 2019 and it seems that this will continue to be the case in 2020,” said Stuart Reed, VP of Cyber at Nominet.

“With countless emails and links being sent across the network it is no small task to mitigate the risk of employees falling victim to an attack, and reminds us of the importance of a layered approach to security,” said Reed. “While access control should limit the path of an attacker and robust backups can restore systems as soon as possible, it is also important to have broad visibility of the network to identify and eliminate an attack quickly.”

“Critical services and infrastructure will continue to be targeted by cyber criminals and it’s only with partnerships between security experts, risk specialists and those responsible for the build and protection of these highly important assets that we will be able to improve our overall security posture against attackers,” Reed concluded.

Ryuk attacks

Ryuk was also responsible for knocking offline government computers in the US state of Louisiana in November 2019.

That was the second such attack on that particular US state.

In July 2019 Louisiana Governor John Bel Edwards declared a state of emergency after school systems in Sabine, Morehouse, and Ouachita parishes in North Louisiana were hit by ransomware attacks.

That July declaration was the first activation of Louisiana’s emergency support function for cybersecurity, a mechanism the state had only recently created in anticipation of the threat of cyber attacks.

Two years earlier the state had created the Louisiana Cybersecurity Commission to assess cyber threats, a move that stands in marked contrast to the lack of action from many other US cities and towns.

Ransomware remains a scourge of computer systems and has hit businesses and cities alike, including the City of Baltimore in May 2019.


Author: Tom Jowitt