The U.S. Coast Guard has issued a warning after its monitoring system was compromised by a “Ryuk” ransomware that left the system stunned for 30 hours. It is yet to be ascertained whether the attackers made a demand for any ransom; usually, Ryuk ransomware is followed by a demand for a ransom in crypto.
The warning was issued on the marine safety bulletin platform after the attackers had targeted an unnamed facility. An initial investigation report suggested that a sophisticated phishing attack had facilitated the spread of a ransomware program that compromised the marine system. It started with a Phishing email that contained a link to an sketchy site.
Further investigations are underway at the facility and detectives await a complete forensic report before any conclusion can be made as to how such a sophisticated attack took place at one of the Maritime Transportation Security Act (MTSA)-regulated facilities. THE MTSA covers a wide range of facilities, each with distinct functionalities that service barge fleeting areas, commercial ports and terminals.
The warning also alerted other security agencies to take precautions in order to safeguard against similar happening. These centers have been asked to preserve their databases by creating separate copies and storing them at offline locations. Use of anti-virus tools have also been suggested to swiftly detect any malicious content before it penetrates the firewalls of the computer systems.
Usually Demand Payment in Cryptocurrency
This is not the first time when a red flag was raised for a cybersecurity threat. In July 2019, a technical team representing US Coast Guard inspected computer system aboard a deep draft vessel headed to the Port of New York. The malicious program had compromised the networking on the computers, but no data was stolen or compromised.
In the recent ransomware attack, experts have significant reason to believe that serious damage was done to the computer systems at the undisclosed facility. This is so because a ransomware’s primary objective is to steal, or corrupt data stored on an online computer system. Hackers leverage the working of a ransomware to demand payment from the victims, usually in cryptocurrency due to its anonymous nature.
Ransomware attacks have become increasingly popular with attackers. Ryuk ransomware in particular is used to target enterprise environments where the malware encrypts the data stored on the system and then allows the attacks to demand a ransom in crypto to decrypt them. However, in the recent attack, the true nature of the damage cannot be assessed as of now, and investigators are waiting for a complete forensic report to be released before any conclusion can be offered.
What do you think about the article?
If You Liked This Article Click To Share
