
SoylentNews is people

posted by janrinok on Wednesday January 01 2020, @05:37PM
from the how-many-times-must-we-say-"don't-open-suspicious-emails"? dept.

US Coast Guard discloses Ryuk ransomware infection at maritime facility:

An infection with the Ryuk ransomware took down a maritime facility for more than 30 hours, the US Coast Guard said in a security bulletin it published before Christmas.

The agency did not reveal the name or the location of the port authority; however, it described the incident as recent.

"Forensic analysis is currently ongoing but the virus, identified as 'Ryuk' ransomware," the US Coast Guard (USCG) said in a security bulletin meant to put other port authorities on alert about future attacks.

USCG officials said they believe the point of entry was a malicious email sent to one of the maritime facility's employees.

"Once the embedded malicious link in the email was clicked by an employee, the ransomware allowed for a threat actor to access significant enterprise Information Technology (IT) network files, and encrypt them, preventing the facility's access to critical files," the agency said.

The USCG security bulletin describes a nightmare scenario after this point, with the ransomware spreading through the facility's IT network and even impacting "industrial control systems that monitor and control cargo transfer and encrypted files critical to process operations."

Coast Guard officials said the Ryuk infection caused "a disruption of the entire corporate IT network (beyond the footprint of the facility), disruption of camera and physical access control systems, and loss of critical process control monitoring systems."

The maritime facility -- believed to be a port authority -- was forced to shut down its entire operations for more than 30 hours, the Coast Guard said.


  • (Score: 1) by Ethanol-fueled (2792) on Wednesday January 01 2020, @05:41PM (#938294)

    " USCG officials said they believe the point of entry was a malicious email sent to one of the maritime facility's employees. "

    Dumb.

    " Once the embedded malicious link in the email was clicked by an employee, the ransomware allowed for a threat actor "

    Double-dumb.

  • (Score: 2, Touché) by Anonymous Coward on Wednesday January 01 2020, @06:34PM (#938313)

    Dumb of them to run Windoze.

  • (Score: 3, Interesting) by RandomFactor (3682) on Wednesday January 01 2020, @07:04PM (#938323)

    " USCG officials said they believe the point of entry was a malicious email sent to one of the maritime facility's employees. "

    Dumb.

    URL sandboxing, attachment sandboxing, outbound browser sandboxing, automated post-delivery threat removal, periodic link re-sandboxing, end-user policies etc. can be implemented to reduce dumb clicks. I suspect USCG has at least the obvious ones in place. (Their SPF and DMARC are in strict/reject mode, so at first blush they appear to be serious about things.)
     
    Strong cyber security awareness programs reduce the amount of clicking that goes on; they don't eliminate it. For large organizations, if you can get the click rate on a decent phishing campaign down into the teens you are doing fantastic.
     
    Humans are a bell curve in most respects. If you have a hundred thousand employees that get something they shouldn't click on, a bunch of idjits are going to click on it -every time-
     
    In this case, I'll guess that they don't have remote browser isolation [wikipedia.org] in place. One click pwnage is exactly what it can prevent.

    --
    There is no news in Pravda, and no truth in Izvestia
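The check RandomFactor alludes to, whether a domain's SPF and DMARC records are in strict/reject mode, is easy to script. The block below is an added example, not code from the Coast Guard bulletin, ZDNet or the commenter. The domain names and TXT records in it are constructed samples; a live check would first fetch the TXT record at the domain (SPF) and at _dmarc.<domain> (DMARC) from DNS and then run the same parsing.

```python
"""Classify a domain's SPF/DMARC posture as 'strict' or 'weak'.

Added example; the domains and records are constructed, not real lookups.
"""
import re

# Constructed sample records (assumption: not real domains or live DNS
# answers). A live check would fetch TXT at <domain> for SPF and TXT at
# _dmarc.<domain> for DMARC, then feed the strings to assess().
SAMPLE_RECORDS = {
    "strict.example": {
        "spf": "v=spf1 ip4:192.0.2.0/24 include:_spf.mail.example -all",
        "dmarc": "v=DMARC1; p=reject; rua=mailto:dmarc@strict.example; pct=100",
    },
    "lax.example": {
        "spf": "v=spf1 include:_spf.mail.example ~all",
        "dmarc": "v=DMARC1; p=none; rua=mailto:dmarc@lax.example",
    },
    "nodmarc.example": {
        "spf": "v=spf1 ip4:198.51.100.7 +all",
        "dmarc": None,
    },
}


def spf_all_qualifier(record):
    """Return the qualifier on the SPF 'all' mechanism ('-', '~', '?', '+'),
    or None if the record is missing, is not SPF, or has no 'all' term.
    A bare 'all' means '+all' (RFC 7208, section 4.6.2)."""
    if not record or not record.lower().startswith("v=spf1"):
        return None
    for term in record.split()[1:]:
        m = re.fullmatch(r"([-~?+]?)all", term, re.IGNORECASE)
        if m:
            return m.group(1) or "+"
    return None


def parse_dmarc(record):
    """Split a DMARC TXT record into lowercase tag -> value.
    Returns {} if the record is absent or is not a DMARC1 record."""
    if not record:
        return {}
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags if tags.get("v", "").upper() == "DMARC1" else {}


def assess(spf, dmarc):
    """Return ('strict', []) when SPF hard-fails (-all) and DMARC rejects
    all mail (p=reject, pct=100, subdomains included); else ('weak', reasons)."""
    reasons = []
    q = spf_all_qualifier(spf)
    if q == "~":
        reasons.append("SPF ~all: spoofed mail is accepted, only marked softfail")
    elif q != "-":
        what = q + "all" if q else "record without -all"
        reasons.append(f"SPF {what}: unauthorized senders are not rejected")

    d = parse_dmarc(dmarc)
    policy = d.get("p", "").lower()
    if not d:
        reasons.append("no DMARC record: receivers are never told to reject spoofed mail")
    elif policy != "reject":
        reasons.append(f"DMARC p={policy or 'missing'}: spoofed mail is not rejected")
    else:
        pct = d.get("pct", "100")
        if not pct.isdigit() or int(pct) < 100:
            reasons.append(f"DMARC pct={pct}: reject applies to only part of the mail")
        if d.get("sp", policy).lower() != "reject":
            reasons.append(f"DMARC sp={d['sp']}: subdomains are not rejected")
    return ("strict" if not reasons else "weak", reasons)


if __name__ == "__main__":
    for domain, recs in SAMPLE_RECORDS.items():
        verdict, why = assess(**recs)
        print(f"{domain}: {verdict}")
        for r in why:
            print("  -", r)
```

The point of checking pct and sp as well as p is that "p=reject" alone can still leave a gap: a record with pct=50 asks receivers to reject only half of failing mail, and a record with sp=none leaves every subdomain spoofable even though the apex domain is protected. Neither is rare when DMARC has been rolled out incrementally and never finished.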