A cybersecurity breach at the Port of San Diego on September 25, described as a “serious cybersecurity incident” by Port CEO Randa Conglio, was in fact a ransomware attack by cybercriminals demanding bitcoin. This was revealed in a report on September 28, 2018, in the Times of San Diego quoting Conglio.
Effect of Ransomware Attack
Speaking to the media, Conglio confirmed that the attackers demanded an undisclosed amount of bitcoin in return for providing instructions to reverse the effects of the malware on the port’s computer systems. According to her, the 569-employee district is coordinating with the FBI and the Department of Homeland Security as the port suffers significant disruption. She also mentioned that the impact of the ransomware, for now, is limited to park permits, public record requests and business services.
While Conglio did not disclose precisely how the attack disrupted the port’s technology systems, ransomware attacks of this nature have been known to threaten network administrators with blocking access to their networks or publishing confidential information unless a ransom is paid.
In a statement to the press, Conglio said:
“The port also continues close communication and coordination with the U.S. Coast Guard. It is important to note that this is mainly an administrative issue and normal Port operations are continuing as usual. The port has mobilized a team of industry experts and local, regional, state and federal partners to minimize impacts and restore system functionality.”
For now, the port remains open and normal docking activities continue at San Diego Bay, seemingly unaffected by the incident, so it is difficult to estimate the extent of the damage caused by the ransomware. According to Conglio, the shutdown of other systems at the port was a security measure taken in the interests of caution and risk minimization.
Ransomware Gains Popularity with Cybercriminals
BTCManager reported recently that Coveware, a startup based in San Francisco, had created an entire business model out of advising clients who have been hit by ransomware attacks, walking them through the whole process: negotiating with the cybercriminals, sourcing crypto funds for the payment, and receiving decryptor tools for unscrambling client computer systems.
Companies like this look set to be kept busy for a while to come as cybercriminals increasingly make the switch to crypto to facilitate their criminal operations. BTCManager reported in 2017 that the notorious WannaCry ransomware struck a range of high-profile targets including aviation giant Boeing.
There seems to be little sign of an end, primarily because a legal framework to combat this relatively new form of cyber criminality does not yet exist in most regulatory jurisdictions. In September, BTCManager also reported that a Dutch court sentenced two convicted ransomware blackmailers to just 250 hours of community service after their malware hit over 1,000 websites.