U.S. Coast Guard operations taken down due to Ryuk ransomware infection

The entire network was down for 30 hours after ransomware interrupted camera and physical access control systems

According to sources, a phishing email was used to get the virus onto the network of a Maritime Transportation Security Act (MTSA) regulated facility.[1] Once an employee clicked the malicious link, Ryuk ransomware[2] was loaded onto the system and quickly encrypted the data. The official Marine Safety Information Bulletin states:

Forensic analysis is currently ongoing but the virus, identified as “Ryuk” ransomware, may have entered the network of the MTSA facility via an email phishing campaign. Once the embedded malicious link in the email was clicked by an employee, the ransomware allowed for a threat actor to access significant enterprise Information Technology (IT) network files, and encrypt them, preventing the facility’s access to critical files.

This file encryption led to controlled access to sensitive files, according to the U.S. Coast Guard (USCG) security alert published before Christmas.[3] The incident is still under investigation, but it is already known that all operations were shut down for more than 30 hours, but…
