Ransomware infection led to a disruption of camera and physical access control systems, and loss of critical process control monitoring systems.
An infection with the Ryuk ransomware took down a maritime facility for more than 30 hours, the US Coast Guard said in a security bulletin it published before Christmas.
The agency did not reveal the name or the location of the port authority; however, it described the incident as recent.
"Forensic analysis is currently ongoing but the virus, identified as 'Ryuk' ransomware," the US Coast Guard (USCG) said in a security bulletin meant to put other port authorities on alert about future attacks.
Point of entry: phishing email
USCG officials said they believe the point of entry was a malicious email sent to one of the maritime facility's employees.
"Once the embedded malicious link in the email was clicked by an employee, the ransomware allowed for a threat actor to access significant enterprise Information Technology (IT) network files, and encrypt them, preventing the facility's access to critical files," the agency said.