Carnival Reveals It Detected a Ransomware Attack on Its Systems

Published on August 18, 2020
New Microsoft Spear-Phishing Attack Uses Exact Domain Spoofing Tactic

British-American cruise operator Carnival Corporation & plc revealed it had detected a ransomware attack on some of its IT systems.

carnival-corporation-logo-18-HR-fill-800x532-1.jpg

In a regulatory filing submitted to the U.S. Securities and Exchange Commission (SEC), Carnival revealed that it had detected a ransomware attack on August 15. A subsequent investigation revealed that the ransomware actors had succeeded in accessing and encrypting some of the corporation's IT systems as well as in downloading some of its data. It comes as no surprise that this ransomware attack involved data theft. Indeed, research into ransomware submissions for the second quarter of 2020 revealed that more than a tenth of crypto-malware infections involved some element of data theft. The activities of Netwalker, Maze, Nefilim and other crypto-malware gangs contributed to this finding. Carnival explained that it had notified law enforcement about the attack and that it had engaged with legal counsel. It went on to note that it had implemented several measures to reinforce the security of its IT systems and that it had begun working with digital security firms to help it respond to the incident. Even so, it did not provide insight into which strain of ransomware was responsible for the attack and whether it had paid the attackers for the return of its data. Per its regulatory filing, Carnival articulated its belief that the attack would not have a material impact on its business. It thought there could be some consequences, however:

Nonetheless, we expect that the security event included unauthorized access to personal data of guests and employees, which may result in potential claims from guests, employees, shareholders, or regulatory agencies. Although we believe that no other information technology systems of the other Company’s brands have been impacted by this incident based upon our investigation to date, there can be no assurance that other information technology systems of the other Company’s brands will not be adversely affected.

The corporation's investigation was ongoing at the time of this writing.

Join over 20,000 IT security pros who get our top stories delivered to their inbox every week!