
Published on December 31st, 2019


US Coast Guard suffers Ryuk ransomware infection



In early December, the US Coast Guard issued an information security alert apparently related to a ransomware attack that compromised some major computer systems at several federal maritime facilities. The names of the affected stations have not been revealed.

The investigation is ongoing, so details about the attack remain unknown, although a source close to the process claims that federal authorities have attributed the attack to a group of threat actors operating the dangerous ransomware variant Ryuk. The attack reportedly started with a phishing email containing a link that redirected the victim to a malware-infested site.

After the targeted employee interacted with the received link, the ransomware began infecting the Coast Guard’s corporate networks, including monitoring and transferring charges systems. Areas of administrative operations were also affected by the incident, according to information security experts.

The security alert issued by this branch of the US Armed Forces states that “the impact of the incident includes disruption of operations across the corporate network, physical access control systems, security cameras, and impact on critical monitoring systems”.

Over a full day, nearly all operations remained shut down as part of the Coast Guard’s information security incident recovery process. In addition to the identity of the attackers, details such as the amount of the ransom demanded and the exact date on which the incident occurred are still unknown.

This is the second time this year that the Coast Guard has issued an alert related to cybersecurity issues. Last July, a special Coast Guard team investigated an information security incident on an international vessel. On that occasion, the ship’s computer networks were infected with a malware variant that compromised some non-critical functions.

Another incident dates back to September 2018, when the Coast Guard, jointly with the FBI, began investigating a ransomware infection that affected some systems in the Port of San Diego, California.

Although Ryuk has been active for less than two years, it has become a serious threat to the security of large companies, government agencies, local governments and even some individuals, as reports from the International Institute of Cyber Security (IICS) mention.

One of the most recent attacks attributed to Ryuk was reported in New Orleans, where local agencies called on the local government to declare a state of emergency due to severe failures caused by the infection, which compromised more than 450 3 thousand 500 endpoints in less than 48 hours.

He is a well-known expert in mobile security and malware analysis. He studied Computer Science at NYU and started working as a cyber security analyst in 2003. He is actively working as an anti-malware expert. He also worked for security companies like Kaspersky Lab. His everyday job includes researching new malware and cyber security incidents. He also has deep knowledge of mobile security and mobile vulnerabilities.
