Date: 2020-01-03

FILE – In this June 19, 2019, file photo cargo ships are docked at the Port of Los Angeles in Los Angeles. (AP Photo/Marcio Jose Sanchez, File)

WASHINGTON, D.C. (KXAN) — The U.S. Coast Guard reports that a maritime facility regulated by the Maritime Transportation Security Act (MTSA) has been targeted by a ransomware attack in combination with an email phishing campaign.

The Coast Guard has not given the name of the facility, but said the attack affected control systems that monitor and control cargo transfer, as well as camera systems.

The ransomware, identified as “Ryuk ransomware,” likely gained access to the facility’s network through a phishing attempt when an employee clicked an embedded link in an email, according to the report.

In cybersecurity, “phishing” is the term used to describe an attempt by a malicious actor to trick or confuse another person into divulging sensitive information or taking actions that would make that person vulnerable to attack.

“Ransomware” is a type of malware that encrypts files on a system with a key that only the attacker knows, rendering the files inaccessible to the targeted victim’s system. A “read me” file is then added to the directory containing the encrypted files with a message promising to decrypt the files if the victim pays a ransom. Due to the nature of malicious actors, there is no guarantee that the files will be restored to their original state.

The Coast Guard says that after the employee clicked the link in the phishing email, the ransomware was able to access significant enterprise Information Technology (IT) network files, encrypt them, and prevent the facility’s access to critical system files.

The virus further burrowed into the industrial control systems that monitor and control cargo transfer and encrypted files critical to process operations.
Charles Blackmore, U.S. Coast Guard

The attack also affected the corporate IT network reaching outside of the “footprint of the facility,” and disrupted camera systems and physical control systems, causing the company to shut down primary operations for over 30 hours, the report says.

The Coast Guard says some effects on the facility were prevented and likely limited by the use of intrusion detection and prevention systems monitoring network traffic, virus detection software, network segmentation preventing systems from accessing the affected networks and consistent software backups of critical files and software.

More information on ransomware-related best practices can be found on the Cybersecurity and Infrastructure Security Agency (CISA) resource page.

The U.S. Coast Guard encourages reporting suspicious activity and security breaches to the National Response Center at (800) 424-8802. Guidance for defining and reporting cyber incidents can be read in the Department of Homeland Security memo, “Reporting Suspicious Activity and Breaches of Security.”