Port of San Diego says ransomware responsible for ‘serious cybersecurity incident’

September 28, 2018

Ransomware has infected computers used by the Port of San Diego, disrupting operations at the southern California shipping hub and attracting the attention of federal authorities.

The FBI and Department of Homeland Security are investigating a “serious cybersecurity incident” involving a ransomware attack affecting the Port of San Diego, its president and chief executive said Thursday.

“While some of the Port’s information technology systems were compromised by the attack, Port staff also proactively shut down other systems out of an abundance of caution,” Randa Coniglio said in a written statement.

The incident is “mainly an administrative issue,” Ms. Coniglio continued, impacting operations related to park permits, public records requests and business services.

“The Port remains open, public safety operations are ongoing, and ships and boats continue to access the Bay without impacts from the cybersecurity incident,” she added.

The FBI and DHS did not immediately return messages seeking comment.

The Port of San Diego first publicly disclosed the incident on Wednesday, a day after it was initially detected, and Ms. Coniglio said that investigators subsequently determined that the attack involved ransomware, referring to a type of malicious software that typically renders a computer inoperable until its perpetrator receives a payment.

Port computers infected with the ransomware requested payment in the form of Bitcoin, a digital cryptocurrency, Ms. Coniglio said Thursday, albeit without disclosing the specific amount sought.

The Port of San Diego covers 34 miles along San Diego Bay spanning five cities, and includes cargo and cruise terminals in addition to hotels, restaurants, marinas, museums and 22 public parks, according to its website.

Other high-profile victims of recent ransomware infections include the city of Atlanta’s computers and Baltimore’s emergency dispatch system, both hacked in March.

A report published the following month by Verizon Communications, meanwhile, found that ransomware accounted for 39 percent of all malware-related infections spotted during 2017.

“To detect ransomware early enough to stop it, cybersecurity teams must understand the business models used by ransomware network operators, as well as have visibility into the kill chain of a ransomware attack and how to detect and disrupt ransomware in corporate environments,” said Barry Shteiman, vice president of research and innovation at Exabeam, a Silicon Valley-based cybersecurity company. “Armed with this information, analysts should be able to react faster in the unfortunate event their organization is hit with a ransomware infection.”
