Officials of the U.S. Coast Guard (USCG) recently disclosed a Ryuk ransomware infection that took down the entire corporate IT network of a Maritime Transportation Security Act (MTSA) regulated facility for more than 30 hours. The authorities stated that the ransomware also interrupted the camera and physical access control systems.
It’s believed that a malicious email sent to one of the maritime facility’s employees was the entry point for the ransomware infection, according to USCG officials.
“Forensic analysis is currently ongoing but the virus, identified as Ryuk ransomware, may have entered the network of the MTSA facility via an email phishing campaign,” USCG said in a statement.
Once an employee clicks the embedded malicious link in the email, the ransomware corrupts the enterprise IT network files, encrypts them, and prevents the facility from accessing critical files. The officials stated that the incident impacted the facility’s IT network and the industrial control systems that monitor and control cargo transfer operations.
“The virus further burrowed into the industrial control systems that monitor and control cargo transfer and encrypted files critical to process operations. The impact to the facility included disruption of the entire corporate IT network (beyond the footprint of the facility), disruption of camera and physical access control systems, and loss of critical process control monitoring systems. These combined effects required the company to shut down the primary operations of the facility for over 30 hours while a cyber-incident response was conducted,” the statement added.
Numerous companies and state governments have been plagued by ransomware attacks. Recently, Virtual Care Provider, a technology services provider for nursing homes and acute care sites, was hit with a Ryuk ransomware attack that seized access to patients’ health records. The Milwaukee-based company reported that unknown attackers injected ransomware inside its network systems.
The company stated that hackers demanded US$14 million to restore access to its hijacked servers. Virtual Care Provider said around 110 nursing homes across the country were unable to access their patient records, use the Internet, pay employees, or order crucial medications.
According to the Chief Executive and owner of Virtual Care, Karen Christianson, the incident affected 80,000 computers and other facilities, including Internet service and email, access to patient records, client billing, phone systems, and payroll operations.