A regional port in western US is the latest maritime victim of a cyber attack, with services disrupted at a key transportation hub
Port of Kennewick has been forced to rebuild the port’s digital files from offline backups after being struck by ransomware. Cyber criminals locked the port administration out of its own server, bypassing firewalls and antivirus software.
In reaction, Port of Kennewick is unable to use these servers, while its technology team takes actions to resolve, restore and re-establish port functions as quickly as possible.
“However, this is a significant process and it will take time to restore port data in a manner which ensures additional redundancies, security, and protection,” said the port.
Cyber criminals circumvented Port of Kennewick’s IT security and placed an extremely sophisticated encryption lock on the port’s server. They then demanded US$200,000 in ransom to restore access to the port’s servers and files.
“This was a differentiated cyber attack with sophisticated, military-grade encryption focused on locking the port’s servers and holding those servers hostage to leverage a ransom,” said the port.
It is confident no individual data has been compromised as the virus focused on locking the port servers instead of accessing data or information located within those servers.
Port of Kennewick reported this ransom threat to the Federal Bureau of Investigation (FBI) and Washington State Office of Cyber Security. According to these agencies, this variant of ransomware virus has no known decoder.
Following direction from the FBI and technology professionals, Port of Kennewick will not pay a ransom, “as it would be using public funds and there is no guarantee an encryption key would be received after payment”, the port said.
Instead, the port’s technology team is working with the FBI, following industry protocols, and working to re-establish functionality for the Port of Kennewick’s technology systems. “They are rebuilding the port’s digital files from offline backups, and working to restore the port’s email server, which is currently offline,” said the port.
The port highlighted the security measures it had in place when the cyber criminals struck.
It had conducted regular upgrades to the port’s servers and antivirus. The port ran regular scans and updates to ensure appropriate systems were functional and secure.
In another layer of protection, the port contracted an independent consultant to oversee and advise the port on its technology and IT systems.
This person works with, but operates separately from the port’s IT contractor and answers directly to the port to provide an additional layer of understanding, guidance, and oversight related to port systems and technology.
Port of Kennewick is up the Columbia River 290 km southeast of Seattle.
This attack comes as more maritime infrastructure and ship operators are affected by cyber crime. According to industry professionals, there has been a 300% increase in cyber attacks since the beginning of the Covid-19 pandemic.
Maritime cyber victims include major container lines such as MSC and CMA CGM, cruise ship owner Carnival and IMO’s offices and servers.
Riviera is producing a range of technical and operational webinars and virtual events with the industry’s foremost experts. Sign up to attend on our events page