It has not been smooth sailing for the Port of San Diego’s IT department this week following a cybersecurity breach.
In a statement, the Port of San Diego has disclosed that its computer systems were hit by a ransomware attack with the attackers demanding to be paid in bitcoin before they can decrypt files. According to the chief executive officer of the port, Randa Coniglio, the breach which was initially reported on September has led to the disruption of the IT systems of the agency. While acknowledging that the cybercriminals demanded ransom Coniglio did not reveal how much they were asking for.
“As previously stated, the investigation has detected that ransomware was used in this attack,” said Coniglio in a statement. “The Port can also now confirm that the ransom note requested payment in Bitcoin, although the amount that was requested is not being disclosed.”
FBI and DHS Now Involved
Perhaps an indication of the seriousness of the incident, the port facility located in San Diego County, California has called in the U.S. Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). The port is also closely communicating and coordinating with the U.S. Coast Guard.
While the IT systems of the port which handles nearly three million tons of cargo annually have been disrupted with some of them being proactively shut down out of caution, operations at the facility are going on normally with a few exceptions.
“The temporary impacts on service to the public are in the areas of park permits, public records requests, and business services,” added Coniglio.
Despite reports suggesting that cybercriminals are embracing cryptojacking malware at the expense of ransomware, incidents of the latter are still common though they have fallen by around 22.5% according to Kaspersky Labs, as CCN recently reported:
“The total number of users who encountered ransomware fell by almost 30%, from 2,581,026 in 2016-2017 to 1,811,937 in 2017-2018.”
Earlier this month, for instance, Midland, a Canadian town in the province of Ontario disclosed that it had paid ransom in bitcoin in order to obtain encryption software from hackers who had infiltrated its computer network. While regretting that it had given in to cybercriminals, authorities in Midland argued that they had been left with no other option.
Additionally, the servers of Professional Golfers Association (PGA) of America were last month compromised by hackers who decrypted files consisting mostly of creative materials meant for use in print and digital marketing communications. At the time the golfing body indicated that it would not pay the ransom.
But while some ransomware creators, such as those who targeted the PGA, may fail to hit pay dirt, this has not been the case with the makers of the SamSam ransomware who are estimated to have obtained bitcoins worth more than US$6 million since late 2015 per Sophos, a cybersecurity firm.