- The U.S. Coast Guard warns about a cryptocurrency-related ransomware attack at an unnamed U.S. maritime facility.
- Due to the impact of the ransomware, the whole facility shut down for more than 30 hours.
After a cryptocurrency-related ransomware attack on the IT network of an unnamed federally regulated maritime facility, the U.S. Coast Guard issued a security warning this month. The Coast Guard has been advising facilities to take further security precautions covering IT networks and other operational environments.
The alert said, “The impacts to the facility included disruption of the entire corporate IT network (beyond the footprint of the facility), disruption of camera and physical access control systems, and loss of critical process control monitoring systems.” It further said, “These combined effects required the company to shut down the primary operations of the facility for over 30 hours while a cyber-incident response was conducted.”
The attack is still under investigation, and the Coast Guard believes that it started with a phishing email containing a malicious link. After a worker at the facility clicked the link, the entire facility was impacted: the ransomware reached the industrial control systems that monitor and control cargo transfers and encrypted files critical to daily operations.
This is a new cryptocurrency-locking malware that has been active since 2018. It disrupted the operations of several major U.S. newspapers. It has also been targeting various enterprise organisations worldwide, asking for ransom payments of 15 to 50 Bitcoins. The ransomware has been operated by a Russia-based criminal group, WIZARD SPIDER, since August 2018.
This is not the only security alert received. Earlier this year, Kaspersky also reported that cryptocurrency mining attacks have declined. Still, there has been a significant increase in ransomware attacks.