Ryuk ransomware is effective enough that it keeps hitting numerous authorities through various methods. Today, the US Coast Guard published a maritime safety alert about a Maritime Transportation Security Act (MTSA) facility being hacked, which forced the entire corporate IT network to shut down for more than 30 hours!
The Big Hit
The USCG reported this incident in a Marine Safety Information Bulletin (MSIB). It didn't name the facility that was attacked, but it hints that the industrial control systems handling cargo transfer took the hit, with files critical to the port's process operations being encrypted. The attack led the facility to shut down its network for around 30 hours!
This incident is currently being investigated, and the USCG assumes the cause of the attack to be a click on a phishing email that let the attacker into the MTSA facility's network. The bulletin read:
“Once the embedded malicious link in the email was clicked by an employee, the ransomware allowed for a threat actor to access significant enterprise Information Technology (IT) network files, and encrypt them, preventing the facility’s access to critical files.”
The Coast Guard now recommends that facilities use the Cybersecurity Framework of the National Institute of Standards and Technology (NIST) to prevent further such hacks.
Measures For Securing
The USCG previously issued an alert in July this year, after such a cyberattack hit their deep draft vessel in February. Now the Coast Guard warns maritime stakeholders to check the authenticity of the sender before opening or replying to any email. The measures are detailed as:
- Intrusion Detection and Intrusion Prevention Systems to monitor real-time network traffic
- Industry-standard and up-to-date virus detection software
- Centralized and monitored host and server logging
- Network segmentation to prevent IT systems from accessing the Operational Technology (OT) environment
- Up-to-date IT/OT network diagrams
- Consistent backups of all critical files and software
While these are the latest measures, the UK's NCSC published guidelines in June this year about Ryuk ransomware's effects and defence measures. After that, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) too issued its own guidelines for preventing such ransomware attacks.