A cybersecurity incident at the Port of San Diego was first announced on Tuesday, September 25, 2018, but CEO Randa Coniglio announced on September 27, 2018, that the event was actually a ransomware attack on the port, which oversees more than 34 miles of coastline along San Diego Bay.
The port remains open, but the attack has disrupted the agency's information technology systems. According to the press release, the port is working with the Federal Bureau of Investigation (FBI) and the Department of Homeland Security (DHS) on the investigation and remains in close communication and coordination with the U.S. Coast Guard.
Normal port operations continued despite the attack on the network systems. “Public safety operations are ongoing, and ships and boats continue to access the bay without impacts from the cybersecurity incident. While some of the port's information technology systems were compromised by the attack, port staff also proactively shut down other systems out of an abundance of caution,” Coniglio said.
The attack has caused temporary impacts on some services to the public, including park permits, public records requests, and business services. A ransom note demanded payment in Bitcoin, though the port has not disclosed the amount requested by the cybercriminals. No additional information on whether the port has paid the ransom or has regained access to any encrypted files is available at this time.
“The Port of San Diego malware infiltration and subsequent ransomware demand is just the latest example of a local government entity (and critical infrastructure) being disrupted by ransomware, rendering employees unable to access enterprise applications and do their jobs,” said Sherban Naum, senior vice president for corporate strategy and technology at Bromium.
“Unfortunately, it’s no longer a case of if a breach will occur, but when, and how quickly federal agencies can get systems back up and running. Government – whether local, state or federal – needs to stop playing catch up and supplement layered defenses with virtualization, protecting by design by isolating threats in a virtual environment. Only by isolating undetectable threats as a part of life and limiting the damage and profits that can be made by them will we start to see the tide turn. This will keep employees productive and prevent ransomware from putting organizations at risk on the stormy seas of the threat environment.”