Dive Brief:
- The Port of San Diego fell victim to a cyberattack last week, which the FBI and Department of Homeland Security are currently investigating.
- The port indicated the ransomware attack is mainly an administrative problem and the port is open and operating as usual. Shipping traffic still can access the port and public safety operations are continuing. The public services affected are permits, public records requests and business services.
- The port received a ransom note seeking payment in Bitcoin, but authorities will not say how much the attackers requested.
Dive Insight:
This attack is the latest in a string aimed at taking down public entities' operations or infrastructure. A similar ransomware attack hit the Port of Barcelona in Spain days before the San Diego incident. Atlanta did not pay hackers during its ransomware attack earlier this year, and the city experienced a widespread shut-out from many of its internal and external functions, from the basic outward-facing website, to resident bill paying capabilities, to years worth of police dashcam video getting wiped out.
The Port of San Diego said in a statement that staff proactively shut down some systems that weren't actually affected by the attack to prevent them from becoming the next targets. Ransomware attacks threaten systems because hackers try to hold hostage the victim's network of computers unless they receive a ransom payment. Like Atlanta, public entities frequently will not pay the ransom for a variety of reasons, including local or federal protocol not to pay or a lack of resources.
Cities and municipally-tied entities realize the increasing threat from ransomware and other various cyberattacks, and they're taking better preventative measures as well as increased training for potential attacks. This summer, Houston carried out a large-scale, three-day cyberattack training exercise, and the Manhattan, NY district attorney encouraged cities to work together to achieve greater cyber protections.
Collaborative prevention is a critical buffer because hackers often try to cause the most widespread damage as possible to get what they want, such as targeting a major supply chain hub — the Port of San Diego — that could have ripple effects throughout a variety of industries. Port attacks can bring the movement of goods to a halt in the targeted country, but they could also slow or stop operations in any country that ships goods to or from the affected port. Ransomware attacks can cause greater panic than other types of cyberattacks such as data breaches because of the level of crippling disruption they cause.
The two recent port cyberattacks, plus one in Long Beach, CA, are cause for concern, especially because, as ZDNet reports, port authorities and individual ships are considered relatively easy to hack.