Port of San Diego, The Newest Victim of Ransomware Attack

It is well known that cybercriminals want to profit from their activities, regardless of who or what will be the victim. The most recent victim of their ransomware is Port of San Diego, as confirmed by Randa Coniglio, its CEO. Port San Diego has secured the help of both Federal Bureau of Investigation and Department of Homeland Security. “The Port of San Diego continues to investigate a serious cybersecurity incident that has disrupted the agency’s information technology systems, and the Port’s investigation so far has determined that ransomware was involved in this attack. Port employees continue to have limited functionality which may have temporary impacts on service to the public, especially in the areas of park permits, public records requests, and business services. No further information is available at this time; updates will be provided as information is available.” explained Randa Coniglio, Port of San Diego’s CEO.

Coniglio has not disclosed the details of the ransomware attack, but it somehow resembles the NotPetya ransomware attack against Maersk shipping company earlier. Tanya Castaneda, a port information officer gave assurance that more information will be released in due time: “Because of the ongoing investigation we have to be very careful about what we release and so our statement is all that we can provide at this time.”

Coniglio has not disclosed the details of the ransomware attack, but it somehow resembles the NotPetya ransomware attack against Maersk shipping company earlier. Tanya Castaneda, a port information officer gave assurance that more information will be released in due time: “If the cost of paying the ransom is less than the downtime caused by unavailable data, or by the backup restoration process, then organizations should pay. By the same token, if the cost of giving up on the encrypted data is higher — both in lost revenue or intellectual property — than remediation would be, the company doesn’t have much choice but to pay up.”

Coniglio is very confident that the issue will soon be resolved, and its cause will be determined in order to prevent future similar events. “The port has mobilized a team of industry experts and local, regional, state and federal partners to minimize impacts and restore system functionality. The team is currently determining the extent and timing of the incident and the amount of damage to information technology resources, and developing a plan for recovery. The Port remains open, public safety operations are ongoing, and ships and boats continue to access the Bay without impacts from the cybersecurity incident,” added Coniglio.

Basic port services that are affected are processing of public records and park permits. Ransomware is very common these days, usually targeting corporate entities that hold a lot of personally identifiable information stored in their vulnerable PCs. ESET, a mainstream antimalware vendor has expressed its option in connection with the San Diego Port ransomware attack. “So every company is using computers out on the internet, and if there’s a bad actor, I can find one of those, guess the password, break into it. I can then use that as my platform to carry out an attack on the organization,” said Stephen Cobb, ESET’s Sr. Security Researcher.