The U.S. Federal Bureau of Investigation and Department of Homeland Security have been called in to investigate a ransomware attack that has crippled the computer network of the Port of San Diego.
In a statement Wednesday, the Port Authority said that it experienced “a serious cybersecurity incident that has disrupted the agency’s information technology systems.”
The attack was detected Tuesday. The Port Authority said it has mobilized a team of industry experts and local, regional, state and federal partners to minimize impacts and restore system functionality. A backup system run by the Harbor Police Department has been deployed while the Port Authority attempts to recover from the attack, meaning that San Diego residents can be confident that ships will not start crashing into each other.
Details of the form of ransomware were not forthcoming, but Reuters reported that the ransomware was demanding a payment in bitcoin for a key to decrypt the files being held hostage.
Caroline Seymour, director of product marketing at Zerto Ltd., told SiliconANGLE that we are seeing yet another ransomware attack against a key commercial hub.
“Like the attack back in March on the Atlanta airport, the port is likely faced with paying a ransom or losing valuable data,” she said. “A recent analyst study determined that 50 percent of surveyed organizations have suffered an unrecoverable data event in the last three years, and while preventing these attacks is not always possible, diminishing the threat is.”
She said taking a more dynamic, modern approach to business continuity and disaster recovery is critical. “Solutions utilizing continuous data protection and hybrid cloud DR can help organizations like the Port of San Diego better manage their IT infrastructures and achieve IT Resilience,” Seymour added, “so that downtime of more than mere seconds becomes a thing of the past — and cybercriminals can’t bring such a key cargo port to a standstill.”
Barry Shteiman, vice president of research and innovation at Exabeam Inc., noted that security experts often warn against paying ransoms or entering into negotiations, but it often boils down to simple economics.
“For example, if the cost of paying the ransom is less than the downtime caused by unavailable data, or by the backup restoration process, then organizations should pay,” he said. “By the same token, if the cost of giving up on the encrypted data is higher — both in lost revenue or intellectual property — than remediation would be, the company doesn’t have much choice but to pay up” as a last resort.
“To detect ransomware early enough to stop it, cybersecurity teams must understand the business models used by ransomware network operators, as well as have visibility into the kill chain of a ransomware attack, and how to detect and disrupt ransomware in corporate environments,” Shteiman added. “Armed with this information, analysts should be able to react faster in the unfortunate event their organization is hit with a ransomware infection.”
Photo: Port of San Diego/Flickr