US Coast Guard suffers Ryuk ransomware infection

In early December, the US Coast Guard issued an information security alert apparently related to a ransomware attack that compromised some major computer systems at several federal maritime facilities. The names of the affected stations have not been revealed.

The investigation is still ongoing, so details about the attack remain unknown, although a source close to the process claims that federal authorities have attributed the attack to a group of threat actors operating the dangerous ransomware variant Ryuk. The attack reportedly started with a phishing email containing a link that redirected the victim to a malware-infested site.

After the targeted employee interacted with the received link, the ransomware began infecting the Coast Guard's corporate networks, including cargo monitoring and transfer systems. Areas of administrative operations were also affected by the incident, as information security experts have noted.

The security alert issued by this branch of the US Armed Forces mentions that: “the impact of the incident includes disruption of operations across the corporate network, physical access control systems, security cameras, and impact on critical monitoring systems”.

For over a full day nearly all operations remained shut down as part of the Coast Guard's information security incident recovery process. In addition to the identity of the attackers, details such as the amount of the ransom demanded and the exact date on which the incident occurred are still unknown.

This is the second time this year that the Coast Guard has issued an alert related to cybersecurity issues. Last July, a special Coast Guard team investigated an information security incident on an international vessel. On that occasion the ship's computer networks were infected with a malware variant that compromised some non-critical functions.

Another incident dates back to September 2018, when the Coast Guard, jointly with the FBI, began investigating a ransomware infection that affected some systems at the Port of San Diego, California.

Although Ryuk has been active for less than two years, it has become a serious threat to the security of large companies, government agencies, local governments and even some individuals, as reports from the International Institute of Cyber Security (IICS) mention.

One of the most recent attacks attributed to Ryuk was reported in New Orleans, where local agencies called on the local government to declare a state of emergency due to the severe failures caused by the infection, which compromised more than 450 3 thousand 500 endpoints in less than 48 hours.