{
	"id": "415fba9c-2729-49df-a1ac-f79df4b4f0c8",
	"created_at": "2026-04-06T00:17:29.402421Z",
	"updated_at": "2026-04-10T03:20:16.508623Z",
	"deleted_at": null,
	"sha1_hash": "046874000f07bc517b0aa8720551efd7d6f898ae",
	"title": "US Coast Guard discloses Ryuk ransomware infection at maritime facility",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 38929,
	"plain_text": "US Coast Guard discloses Ryuk ransomware infection at maritime\r\nfacility\r\nWritten by Catalin Cimpanu, Contributor. Dec. 29, 2019 at 10:00 p.m. PT\r\nArchived: 2026-04-05 19:10:44 UTC\r\nAn infection with the Ryuk ransomware took down a maritime facility for more than 30 hours, the US Coast\r\nGuard said in a security bulletin it published before Christmas.\r\nThe agency did not reveal the name or the location of the port authority; however, it described the incident as\r\nrecent.\r\n\"Forensic analysis is currently ongoing but the virus, identified as 'Ryuk' ransomware,\" the US Coast Guard\r\n(USCG) said in a security bulletin meant to put other port authorities on alert about future attacks.\r\nPoint of entry: phishing email\r\nUSCG officials said they believe the point of entry was a malicious email sent to one of the maritime facility's\r\nemployees.\r\n\"Once the embedded malicious link in the email was clicked by an employee, the ransomware allowed for a threat\r\nactor to access significant enterprise Information Technology (IT) network files, and encrypt them, preventing the\r\nfacility's access to critical files,\" the agency said.\r\nThe USCG security bulletin describes a nightmare scenario after this point, with the virus spreading through the\r\nfacility's IT network, and even impacting \"industrial control systems that monitor and control cargo transfer and\r\nencrypted files critical to process operations.\"\r\nCoast Guard officials said the Ryuk infection caused \"a disruption of the entire corporate IT network (beyond the\r\nfootprint of the facility), disruption of camera and physical access control systems, and loss of critical process\r\ncontrol monitoring systems.\"\r\nThe maritime facility -- believed to be a port authority -- was forced to shut down its entire operations for more\r\nthan 30 hours, the Coast Guard said.\r\nIncrease in maritime cyber threats\r\nThe agency's security bulletin includes basic advice for preventing infections with the Ryuk ransomware. The\r\nCoast Guard published the advisory on December 16 in an attempt to broadcast the event to as many maritime\r\nfacilities as fast as possible and get them to deploy countermeasures before they were targeted as well.\r\nThe alert does not detail a novel threat. Port authorities and ships have long been considered easy to hack, and\r\nransomware gangs have targeted ports in the past.\r\nIn July 2018, there was a ransomware attack that was initially reported as an infection affecting the Long Beach\r\nPort. The infection was later tracked down and isolated to the port terminal of the China Ocean Shipping\r\nCompany (COSCO), one of the largest shipping companies in the world.\r\nIn September 2018, the port of San Diego (US) and the port of Barcelona (Spain) reported ransomware infections\r\nwithin five days of each other. Both incidents were later revealed to have been caused by the same Ryuk\r\nransomware.\r\nA report published in December 2018 by a conglomerate of 21 international shipping associations and industry\r\ngroups highlighted an increase in cyber-security problems aboard ships and in ports, where investigators found\r\nransomware, USB malware, and worms on numerous occasions.\r\nThis rise in cybersecurity threats to ships and ports has pushed the US Coast Guard to take notice and act\r\naccordingly. Starting this year, the US Coast Guard has begun issuing security alerts for cybersecurity-related\r\nthreats, and not only for physical damage, terrorism, or piracy issues.\r\nThis latest security bulletin is the third such alert the USCG sent out this year after sending the first two in May\r\nand July. These first two alerts were about malware designed to impact IT systems found aboard ships, rather than\r\na maritime facility.\r\nSource: https://www.zdnet.com/article/us-coast-guard-discloses-ryuk-ransomware-infection-at-maritime-facility/",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://www.zdnet.com/article/us-coast-guard-discloses-ryuk-ransomware-infection-at-maritime-facility/"
	],
	"report_names": [
		"us-coast-guard-discloses-ryuk-ransomware-infection-at-maritime-facility"
	],
	"threat_actors": [],
	"ts_created_at": 1775434649,
	"ts_updated_at": 1775791216,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/046874000f07bc517b0aa8720551efd7d6f898ae.pdf",
		"text": "https://archive.orkl.eu/046874000f07bc517b0aa8720551efd7d6f898ae.txt",
		"img": "https://archive.orkl.eu/046874000f07bc517b0aa8720551efd7d6f898ae.jpg"
	}
}