Port of San Diego Hit by Cyberattack

Published Sep 27, 2018 7:07 PM by The Maritime Executive

The Port of San Diego has suffered a ransomware cyberattack affecting its IT systems, and federal law enforcement is investigating the source. The port says that the attack has affected its administrative functions related to park permits, public records requests, and business services, but has not interfered with normal seaport operations. The FBI and the Department of Homeland Security are involved in investigating the attack.

"The Port remains open, public safety operations are ongoing, and ships and boats continue to access the Bay without impacts from the cybersecurity incident," port CEO Randa Coniglio said in an update Thursday.

The cyberattack involves the use of ransomware, as seen previously in the "NotPetya" attack on Maersk and APM Terminals last year. Coniglio said that the ransom demand for restoring service involves a payment in Bitcoin, as is typical for ransomware attacks. 

The port did not disclose the amount demanded for the ransom, but the cost can be steep. In recent infections with the "Ryuk" ransomware package, the ransom amount has been set at up to 35 Bitcoin (about $230,000), according to IT industry outlet ZDNet. 

Some ransomware packages are available as a service for enterprising hackers, but many past attacks have been traced to well-resourced state actors rather than independent groups. The WannaCry, Hermes and Ryuk campaigns have all been linked with North Korean hackers, while the "NotPetya" attack that spread to Maersk and APMT is believed to have originated with Russian espionage efforts in Ukraine. The U.S. Department of Justice has formally charged a member of North Korea's notorious Lazarus Group in connection with the WannaCry ransomware outbreak. 

Second port cyberattack in two weeks

A separate, unrelated attack hit the Port of Barcelona, Spain last week, and local media reported that it had an effect on cargo operations. The port warned on September 20 that delivery and reception of goods could be somewhat delayed. However, on Saturday, the port authority said that the attack had no effect on "seaside and land operations," only on internal "functionalities." It has not provided specifics about the nature of the attack.