AskCyberSecurity.com

US Coast Guard Says Port Attacked by Ryuk Ransomware

2019-12-30 by Michelle Dvorak


U.S. Coast Guard Says Ryuk Ransomware Shut Down Maritime Facility for Over 30 Hours

The United States Coast Guard reported a ransomware attack at a Maritime Transportation Security Act (MTSA) regulated facility. The malware attack caused the port to shut down for over 30 hours while control of IT systems and equipment at the facility was restored.

The Coast Guard bulletin did not specify the type of facility or its name. Since the bulletin mentions that ransomware attacked the cargo transfer industrial control systems, it is assumed the facility is a port. The Coast Guard bulletin mentioned that the attack affected the entire corporate network and that its damage extended beyond the footprint of the facility, which is assumed to be a port authority.

Ports are known to be vulnerable to ransomware attacks, especially because data is often transferred on ships through a USB flash drive. In September 2018, the ports of San Diego, US and Barcelona, Spain were both infected with Ryuk Ransomware within five days of each other.


The ransomware, believed to be Ryuk Ransomware, was sent to a maritime facility employee in an email phishing campaign. After the employee clicked on a link in the malicious email, Ryuk ransomware was able to infect and lock up the entire corporate IT network at the facility.

The Ryuk ransomware infection disrupted the facility’s cameras, physical access control systems, and critical process control monitoring systems. The malware spread through the facility’s IT network and even impacted industrial control systems.

What is Ryuk Ransomware?

Ryuk Ransomware first appeared in the middle of August 2018 in cyberattacks against major global organizations in the United States and Russia. Ryuk Ransomware is a data encryption Trojan that is not especially technically complex as far as malware is concerned. Ryuk operates similarly to HERMES ransomware, which is attributed to a state-sponsored North Korean APT group known as Lazarus.

What differentiates Ryuk Ransomware from other malware is the high ransom demanded to release control of infected files and systems. The ransom amount is generally proportional to the size of the infected organization. So far, Ryuk has netted about $4 million with an average ransom payment of $71,000 in Bitcoin. As of January 2019, the lowest ransom amount was 1.7 BTC and the highest was 99 BTC. There were 52 known transactions split across 37 BTC addresses.

Over 1,039 schools across the United States have been infected by a ransomware attack, although not all of them were Ryuk Ransomware. Major cities were hit hard as well. Baltimore, Maryland was shut down for 36 days and three cities in Florida were completely paralyzed by ransomware attacks in 2019. Most recently, the City of New Orleans was infected with Ryuk Ransomware during the first half of December.


The average ransomware takes only three seconds to encrypt files or lock access to a computer. A computer user gets infected with ransomware when they unknowingly click on a malicious link in a phishing email, save a malicious file from a USB flash drive, or have malware downloaded to their computer from a fraudulent website. Often malware downloads more malware and spreads across every computer connected to the same network. In some cases, Emotet and Trickbot infections have also been identified on IT networks targeted by Ryuk.

Ryuk Ransomware infects computers through Remote Desktop (RDP) Accounts and macro-enabled DOCX and PDF files.

How Does Ransomware Spread?

Ransomware is often spread through phishing emails or spear phishing emails that contain links to malicious files or websites. When the recipient clicks on a malicious attachment, the file may begin a malware download to their computer. When a phishing email recipient clicks on a link that goes to a spoof website, they may be prompted to enter login credentials or begin a malicious download from the fraudulent website.

Often ransomware attacks begin with a social engineering attack where the hacker attempts to get personal details about the target so they can tailor the phishing email and make it seem more familiar and more believable. Malware may also be spread through social media and messaging apps.

How to Protect Yourself Against Ransomware Attacks

Corporations should utilize the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) and NIST Special Publication 800-82 when implementing a Cyber Risk Management Program.

  1. Verify the validity of any email sender before replying to or taking any action like clicking on a link
  2. Do not open unsolicited emails
  3. Never send any sensitive information in an email, e.g. passwords, credit card numbers, or personal information
  4. Do not respond to any inbound requests for username, password reset, or technical support. Hackers may begin an attack with a simple phone call to get the correct name of the person to send a phishing email to
  5. Maintain regular back-ups of all critical files and software
  6. Use industry-standard, up-to-date virus detection software
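
As an added illustration of step 1 (this is not code from the article or the Coast Guard bulletin), the Python below triages a message for three sender-validity signals: a Reply-To domain that differs from the From domain, SPF/DKIM/DMARC results that are not `pass`, and a link whose visible URL differs from its real target. The sample message, its `.example` hosts and the function names are constructed for the example, and it assumes the receiving mail gateway records an `Authentication-Results` header.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Constructed sample message; every address and host is a placeholder.
SAMPLE = """\
From: "IT Help Desk" <helpdesk@port.example>
Reply-To: support@port-helpdesk.example
To: employee@port.example
Subject: Password expires today
Authentication-Results: mx.port.example; spf=fail; dkim=none; dmarc=fail
Content-Type: text/html; charset="utf-8"

<p>Reset: <a href="http://login.port-helpdesk.example/reset">https://portal.port.example/reset</a></p>
"""

def addr_domain(header_value):
    """Domain part of an address header, lower-cased ('' if absent)."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def url_host(url):
    """Host name of a URL, lower-cased ('' if it has none)."""
    return (urlsplit(url).hostname or "").lower()

def triage(raw):
    """Return a list of reasons the message's sender should not be trusted."""
    msg = message_from_string(raw)
    findings = []
    from_dom, reply_dom = addr_domain(msg["From"]), addr_domain(msg["Reply-To"])
    if reply_dom and reply_dom != from_dom:
        findings.append(f"reply-to domain {reply_dom} differs from sender {from_dom}")
    # Only the topmost Authentication-Results header is read (assumed to be
    # stamped by your own gateway); lower ones may be forged by the sender.
    auth = (msg.get("Authentication-Results") or "").lower()
    for method in ("spf", "dkim", "dmarc"):
        m = re.search(rf"\b{method}=(\w+)", auth)
        result = m.group(1) if m else "missing"
        if result != "pass":
            findings.append(f"{method} {result}")
    # Assumes a single-part HTML body, as in the sample.
    body = (msg.get_payload(decode=True) or b"").decode("utf-8", "replace")
    for href, text in re.findall(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', body, re.I | re.S):
        shown = re.search(r"https?://[^\s<]+", text)
        if shown and url_host(shown.group(0)) != url_host(href):
            findings.append(f"link shows {url_host(shown.group(0))} but goes to {url_host(href)}")
    return findings

if __name__ == "__main__":
    for reason in triage(SAMPLE):
        print("-", reason)
```

An empty result means only that none of these three signals fired, not that the message is safe.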


About Michelle Dvorak

Michelle writes about cyber security and data privacy, focusing on social media privacy as well as how to protect your IoT devices. She has worked in internet technology for over 20 years and owns METRONY, LLC. Michelle earned a B.S. in Engineering from Rensselaer Polytechnic Institute. Michelle published a guide to Cyber Security for Business Travelers.

