UPDATED 23:40 EDT / SEPTEMBER 27 2018

Feds called in as the Port of San Diego is crippled by a ransomware attack

The U.S. Federal Bureau of Investigation and Department of Homeland Security have been called in to investigate a ransomware attack that has crippled the computer network of the Port of San Diego.

In a statement Wednesday, the Port Authority said that it experienced “a serious cybersecurity incident that has disrupted the agency’s information technology systems.”

The attack was detected Tuesday. The Port Authority said it has mobilized a team of industry experts and local, regional, state and federal partners to minimize impacts and restore system functionality. A backup system run by the Harbor Police Department has been deployed while the Port Authority attempts to recover from the attack, meaning that San Diego residents can be confident that ships will not start crashing into each other.

Details of the form of ransomware were not forthcoming, but Reuters reported that the ransomware was demanding a payment in bitcoin for a key to decrypt the files being held hostage.

Caroline Seymour, director of product marketing at Zerto Ltd., told SiliconANGLE that we are seeing yet another ransomware attack against a key commercial hub.

“Like the attack back in March on the Atlanta airport, the port is likely faced with paying a ransom or losing valuable data,” she said. “A recent analyst study determined that 50 percent of surveyed organizations have suffered an unrecoverable data event in the last three years, and while preventing these attacks is not always possible, diminishing the threat is.”

She said taking a more dynamic, modern approach to business continuity and disaster recovery is critical. “Solutions utilizing continuous data protection and hybrid cloud DR can help organizations like the Port of San Diego better manage their IT infrastructures and achieve IT Resilience,” Seymour added, “so that downtime of more than mere seconds becomes a thing of the past — and cybercriminals can’t bring such a key cargo port to a standstill.”

Barry Shteiman, vice president of research and innovation at Exabeam Inc., noted that security experts often warn against paying ransoms or entering into negotiations, but it often boils down to simple economics.

“For example, if the cost of paying the ransom is less than the downtime caused by unavailable data, or by the backup restoration process, then organizations should pay,” he said. “By the same token, if the cost of giving up on the encrypted data is higher — both in lost revenue or intellectual property — than remediation would be, the company doesn’t have much choice but to pay up” as a last resort.

“To detect ransomware early enough to stop it, cybersecurity teams must understand the business models used by ransomware network operators, as well as have visibility into the kill chain of a ransomware attack, and how to detect and disrupt ransomware in corporate environments,” Shteiman added. “Armed with this information, analysts should be able to react faster in the unfortunate event their organization is hit with a ransomware infection.”

Photo: Port of San Diego/Flickr
