The US Coast Guard (USCG) has issued a marine safety bulletin confirming a recent ransomware attack at a Maritime Transportation Security Act (MTSA) regulated facility. The attack locked users out of critical files and spread beyond the local facility into the wider corporate network.
MTSA regulated facilities include ports, vessels and offshore platforms, though the specific facility affected by the attack has not been named.
Forensic analysis of the incident is ongoing, USCG says, but the malware, identified as the ‘Ryuk’ ransomware, is thought to have entered the facility’s network through a phishing campaign: an employee clicked a malicious link embedded in an email, which gave the attacker access to network files that were then encrypted.
The ransomware also reached the industrial control systems that monitor and control cargo transfer at the facility and encrypted files critical to process operations, according to the Coast Guard.
The impact of the attack included a disruption of the entire corporate IT network, stretching beyond the footprint of the facility itself, with disruption of camera and physical access control systems, and loss of critical process control monitoring systems.
These combined effects required the company to shut down the primary operations of the facility for over 30 hours while a cyber-incident response was conducted, USCG says.
The safety bulletin issued by USCG outlines a number of suggested measures to prevent or mitigate damage from incidents like these, and recommends adherence to the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) and NIST Special Publication 800-82 when implementing a Cyber Risk Management Programme.
Specific measures highlighted include intrusion detection and prevention systems that monitor network traffic in real time, up-to-date industry-standard antivirus software, and centralised, monitored logging of hosts and servers.
The bulletin also recommends network segmentation so that IT systems cannot reach Operational Technology (OT) environments, and consistent backups of all critical files and software. One practical point the bulletin leaves implicit: a backup that stays reachable from the network can be encrypted along with everything else, so copies should be kept offline or otherwise isolated from the systems they protect.
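As an added example (not code from the USCG bulletin, NIST, or the affected facility), the following Python script models the IT/OT segmentation the bulletin recommends as a default-deny list of permitted conduits between zones, checks sample flows against it, and renders the same policy as an nftables forward chain. The zone address ranges, the DMZ historian, the ports and the sample flows are all assumptions constructed for illustration; a real facility derives them from its own asset inventory.

```python
"""Zone-based IT/OT segmentation policy: default deny, explicit conduits.

Added example, not code from the USCG bulletin. Every address, zone and
service below is constructed for illustration.
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, Optional

# Assumed Purdue-style zone map: a DMZ sits between corporate IT and the
# control network so that no IT host ever talks to a controller directly.
ZONES = {
    "corporate_it": ipaddress.ip_network("10.10.0.0/16"),
    "ot_dmz":       ipaddress.ip_network("10.20.0.0/24"),
    "ot_control":   ipaddress.ip_network("192.168.100.0/24"),
}


@dataclass(frozen=True)
class Conduit:
    """One permitted cross-zone flow: src zone -> dst zone on proto/port."""
    src_zone: str
    dst_zone: str
    proto: str
    port: int


# Default deny: only the conduits listed here may cross a zone boundary.
# Assumed services: a historian in the DMZ polls controllers over
# Modbus/TCP (502); corporate clients read the historian over HTTPS (443).
ALLOWED = frozenset({
    Conduit("ot_dmz", "ot_control", "tcp", 502),
    Conduit("corporate_it", "ot_dmz", "tcp", 443),
})


def zone_of(ip: str) -> Optional[str]:
    """Return the zone an address belongs to, or None if it is unknown."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return None


def is_allowed(src_ip: str, dst_ip: str, proto: str, port: int) -> bool:
    """Decide a single flow. Unknown addresses are denied; traffic that
    stays inside one zone is out of scope for the boundary filter."""
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    if src is None or dst is None:
        return False
    if src == dst:
        return True
    return Conduit(src, dst, proto.lower(), port) in ALLOWED


def nftables_ruleset() -> str:
    """Render the allowlist as an nftables forward chain with policy drop."""
    lines = [
        "table inet ot_segmentation {",
        "  chain forward {",
        "    type filter hook forward priority 0; policy drop;",
        "    ct state established,related accept",
    ]
    for c in sorted(ALLOWED, key=lambda c: (c.src_zone, c.dst_zone, c.port)):
        lines.append(
            f"    ip saddr {ZONES[c.src_zone]} ip daddr {ZONES[c.dst_zone]} "
            f"{c.proto} dport {c.port} accept"
        )
    lines += ["  }", "}"]
    return "\n".join(lines)


# Constructed sample flows, including the path a phished corporate
# workstation would take toward the control network.
SAMPLE_FLOWS = [
    ("it_workstation_to_plc_smb",   "10.10.5.23",     "192.168.100.10", "tcp", 445),
    ("it_workstation_to_plc_rdp",   "10.10.5.23",     "192.168.100.10", "tcp", 3389),
    ("it_client_to_dmz_historian",  "10.10.5.23",     "10.20.0.5",      "tcp", 443),
    ("dmz_historian_to_plc_modbus", "10.20.0.5",      "192.168.100.10", "tcp", 502),
    ("plc_to_corporate_https",      "192.168.100.10", "10.10.5.23",     "tcp", 443),
    ("internet_to_dmz_historian",   "203.0.113.7",    "10.20.0.5",      "tcp", 443),
]


def evaluate_sample_flows() -> Dict[str, bool]:
    """Return {flow label: allowed?} for the constructed sample flows."""
    return {label: is_allowed(s, d, p, port) for label, s, d, p, port in SAMPLE_FLOWS}


if __name__ == "__main__":
    for label, verdict in evaluate_sample_flows().items():
        print(f"{'ALLOW' if verdict else 'DENY ':5} {label}")
    print(nftables_ruleset())
```

Only the two declared conduits pass; the phished workstation's SMB and RDP attempts toward the controller, the reverse path from the control network into corporate IT, and an unknown external address are all dropped by the default policy. The check says nothing about traffic inside a zone, and an allowed conduit is still a path the ransomware could use, which is why the bulletin pairs segmentation with intrusion detection on the traffic that does cross.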
“The Coast Guard urges maritime stakeholders to verify the validity of the email sender prior to responding to or opening any unsolicited email messages. Additionally, facility owners and operators should continue to evaluate their cyber-security defence measures to reduce the effect of a cyber-attack,” USCG said.