There have been some new updates on the attack: the Port of San Diego is recovering. The cyberthreat in the attack was identified as ransomware. Local, state, and federal personnel are helping port officials find the root cause of the attack and are assisting with the ransomware removal and restoration processes. A few systems in the port's IT infrastructure are still not functioning.
The attack first made headlines on 25th September. At that time, the IT systems belonging to the administrative department were revealed to be the biggest victims of the attack. As a result, parking permits could not be processed over the internet, and public requests took longer to process.
Fortunately, traffic related to cruise and cargo ships was not disrupted by the attack. The Chief Executive of the port, Randa Coniglio, stated that the port processed requests from 17 ships, both cruise and cargo. Additionally, public safety operations and payroll processing were functioning as well as they did before the attack. Due to the impact of the attack on the port’s internal structure, Coniglio assured clients that they would receive the usual services and that their data and services were affected.
Officials have not yet disclosed the ransom the cybercriminals demanded for removing the ransomware. Various stakeholders from around the country have offered their services to help restore the port's operations. Security experts recognize that the ransomware threat cannot be taken lightly. Effective ransomware removal requires significant time as well as an experienced and polished skill set.
Stephen Cobb, ESET’s security researcher, shared some insights on the attack. Cobb explained that a ransomware recovery process can include running several systems simultaneously to determine whether the ransomware has been isolated.