The cargo port is the latest US authority to be targeted by malicious hackers

A ransomware attack on the Port of San Diego caused major disruption this week when computers were taken offline by unknown actors.

Systems were left with “limited functionality” after the attack on the cargo port, authorities confirmed, with disruptions to both IT operations and to the loading and unloading of boats.

Public services affected included park permit issuance and public record requests, though ship traffic and public safety were not affected.

A statement from CEO Randa Coniglio read: “The Port of San Diego has experienced a serious cybersecurity incident that has disrupted the agency’s information technology systems.

“It is important to note that this is mainly an administrative issue and normal port operations are continuing as usual.

“The port remains open, public safety operations are ongoing, and ships and boats continue to access the bay without impacts from the cybersecurity incident.

“While some of the port's information technology systems were compromised by the attack, port staff also proactively shut down other systems out of an abundance of caution.

“As previously stated, the investigation has detected that ransomware was used in this attack.”

The hackers demanded a ransom to be paid in Bitcoin, though the requested amount has not been revealed.

The FBI and Homeland Security are currently investigating the incident.

Held to ransom

This episode is the latest in a series of cybersecurity incidents across the US.

On March 22, a huge cyber-attack devastated Atlanta when SamSam ransomware crippled public offices across the city.

Court proceedings, warrant issuance, and online bill payments were just some of the services affected in the attack.

The Atlanta Police service was also impacted – it was later disclosed that “years” of footage from police dashcams were deleted in the attack.

Attackers had demanded $51,000 in Bitcoin to decrypt the data. The city refused in line with general advice never to pay a ransom – a decision that cost them dearly.

Recent figures estimate that it has cost Atlanta around $17 million to recover from the attack, though a full post-mortem report has yet to be released.

Against the grain

In mid-March, another ransomware attack took down Leominster school district in Massachusetts, freezing email networks and encrypting data on staff computers.

According to reports, police and Leominster schools Superintendent Paula Deacon negotiated with the hackers before agreeing to pay the ransom.

They handed over $10,000, ignoring overwhelming advice from both the government and cybersecurity professionals.

“Any public offices that become victims of a ransomware attack should never pay a ransom unless [there is] an immediate life-threatening situation,” Joseph Carson, chief security scientist at Thycotic, told The Daily Swig.

“They should immediately involve law enforcement and seek legal advice on both its obligations and responsibility as a result of a major incident.”

Carson, who has previously headed security for government services such as the Northern Ireland Ambulance Service, said that it was up to authorities to protect themselves against attacks.

He added: “Ransomware is now a part of everyday life and is a serious threat to many organizations.

“Those organizations who provide critical services should ensure that they have taken the necessary protection and readiness to ensure their services have a reduced risk and can continue to operate.”