The entire network was down for 30 hours after ransomware interrupted camera and physical access control systems
Forensic analysis is currently ongoing but the virus, identified as “Ryuk” ransomware, may have entered the network of the MTSA facility via an email phishing campaign. Once the embedded malicious link in the email was clicked by an employee, the ransomware allowed for a threat actor to access significant enterprise Information Technology (IT) network files, and encrypt them, preventing the facility’s access to critical files.
According to the U.S. Coast Guard (USCG) security alert published before Christmas, this file encryption led to controlled access to sensitive files.[3] The incident is still under investigation, but it is already known that all operations were shut down for more than 30 hours, but…