US Coast Guard Discloses Ryuk Ransomware Infection at Maritime Facility (Dec 30, 2019)
The United States Coast Guard (USCG) has disclosed that an infection of Ryuk ransomware took down a maritime facility. In its security bulletin, the USCG states that it believes a malicious email containing a link was opened, enabling access to IT network files, which were then encrypted. The attack appears to have disrupted the corporate IT network and the camera and physical access control systems, and to have caused the loss of process control monitoring systems. The unnamed port had to close operations for over 30 hours.
Recommendation: Educate your employees on the risks of opening attachments from unknown senders. In addition, as shown in this story, employees should also be cautious of opening suspicious attachments in emails even if they appear to have been sent from within the company. Anti-spam and antivirus applications provided by trusted vendors should also be employed. Emails that are received from unknown senders should be carefully avoided, and attachments from such senders should not be opened. Furthermore, it is important to have a comprehensive and tested backup solution and a business continuity plan in place in case of a ransomware infection.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.