Ports are exceptionally important to the economy. Ocean shipping brings a massive number of containers carrying tons of goods, equipment, and other items for sale across the nation. Without this mode of transportation for tangible goods, the economy would slow significantly. These ports are located along the seaboards of the US and across the globe. Because they are germane to a successful economy, ports are natural targets. One such target was the Port of San Diego.
Ransomware is alive and well. It was used to successfully compromise a portion of the Port of San Diego's systems. The port's management reported the issue on September 25, 2018. Unfortunately for the port, the attack worked rather well, although it was caught in time, before the entire system became compromised.
The port is still completing a forensic review of the attack. Several factors remain unknown and may come to light at a later point. Two pieces of information that would be pertinent are the actual timing of the attack and the level of damage done to the port's systems.
The port is presently working with the FBI and the Department of Homeland Security. The port also reported the incident to the California Office of Emergency Services. The malware variant was similar to the ransomware experienced by the city of Atlanta in its attack.
At the port, more than one computer system was affected. This was not isolated to a desktop computer used for a simple spreadsheet. As several systems fell victim to the ransomware, operations were disrupted to a certain extent. The services primarily affected included park permits, public record requests, and business services. Port operations in this instance were not affected.
The attackers demanded payment in bitcoin in exchange for the decryption key. The amount, however, had not been published yet.
The port's management viewed the compromise as merely an administrative issue. Yes, this was an administrative issue. The compromise, however, could easily have been much worse than what actually occurred. The ransomware could easily have spread through the system, shutting down the port or at least a significant portion of its operations. One reason the compromise did not expand much further was that staff began to shut down systems as the ransomware began to spread.
This, unfortunately, is not the first time recently that a port has been targeted and successfully attacked. In the week before this incident, the Port of Barcelona had also been targeted and successfully attacked. The present issue indicates that lessons were not learned from the other port's misfortune.
Ransomware, while spreading through the business environment like wildfire, has a limited number of vectors to leverage in an attack. The user has to act affirmatively in some form to invite the infection and subsequent compromise. To reduce the potential for this to occur, there needs to be additional and regular training focused on what to look for in phishing and other attacks.
About the Author - Charles Parker, II has been working in the info sec field for over a decade, performing pen tests, vulnerability assessments, consulting with small- to medium-sized businesses to mitigate and remediate their issues, and preparing IT and info sec policies and procedures. Mr. Parker’s background includes work in the banking, medical, automotive, and staffing industries.