The FBI and the U.S. Department of Homeland Security are investigating a ransomware attack that affected at least some of the information systems belonging to the Port of San Diego.
Port officials first reported the attack on Tuesday. Port of San Diego CEO Randa Coniglio said in a written statement that its investigation of the incident is ongoing. As quoted by FOX 5:
The Port of San Diego continues to investigate a serious cybersecurity incident that has disrupted the agency’s information technology systems, and the Port’s investigation so far has determined that ransomware was involved in this attack. The Port has mobilized a team of industry experts and local, regional, state and federal partners to minimize impacts and restore system functionality, with priority placed on public safety-related systems.
Through this investigation, the Port determined that the ransomware attack had affected systems used by Harbor police and computers used by Port employees for fulfilling public services like park permits and public records requests, reported Reuters. Officials also identified a ransom note left by the attackers, but they declined to publicly disclose the details of that message.
Coniglio stated that the team of investigators was still in the process of determining when the attack took place and how much damage it might have caused.
Security analysts told the San Diego Union-Tribune that the attack is in some ways similar to a ransomware infection suffered by the city of Atlanta earlier in 2018. In that attack, ransomware took down several customer-facing systems employed by the city, including bill payment applications, and even wiped wiped out years of dashcam footage generated by the Atlanta Police Department. Recent estimates suggested the infection could cost a total of $17 million to clean up.
Given the disruption and costs caused by crypto-malware, organizations have an incentive to prevent a ransomware attack in the first place. Here are some tips to get them started.