The Port of San Diego has lost access to peripheral services such as park permits, public records, and business services due to a ransomware attack demanding payment in Bitcoin. Core services remain intact.
Ransomware typically works by encrypting files and locking out access until a payment is made, usually with a crypto asset like Bitcoin, Litecoin, or Monero. Typically, a decryption key will be sent to unlock the files once payment is made. A ransomware infection can also be resolved without paying: completely wipe the network infrastructure to eliminate the malware, ensure that there are no hidden backdoors that attackers could use to reinstall the ransomware, and then restore everything from backups.
Cryptocurrency Ransomware Gets Called An Epidemic
Reports have indicated that ransomware is reaching epidemic levels in Canada, where the city of Wasaga Beach, Ontario, was the victim of an attack. The city ended up paying a total of $251,759 in ransom payments and IT staff overtime to clean up the attack.
Researchers at the University of Padua, Italy, say that ransomware attacks that demanded cryptocurrency ransoms may have netted between $2.2 million and $4.5 million for the attackers between 2009 and 2015. A Trojan called CryptoWall, which can slip into computers using spam emails, may be responsible for the majority of the attacks. Deleting suspect emails without opening them or downloading any attachments may be the best way to defend against Trojans spread by email.
Wasaga Beach is among the minority of reported ransomware victims that actually paid the ransom. However, many ransomware attacks may go unreported. Winnipeg businessman David Keam says he hesitated to report to the authorities after becoming a victim of ransomware because he doubted that Canadian law enforcement could do much about it.
“Maybe Interpol will catch them someday,” he said, referring to the common belief that such attackers not only like the anonymous or pseudonymous nature of cryptocurrency but also hide behind the limitations of local or national law enforcement agencies that cannot do much about international crime rings.
Experts Frustrated by Lack of Resources
Officials and cybersecurity experts have expressed frustration at the lack of resources available to defend against attacks like this. Cybersecurity firm ESET’s lead researcher, Stephen Cobb, said of the issue:
“What we’ve seen in the last 12 months is more of this targeted attack on organizations. … It is difficult for government organizations to necessarily get the budget as quickly as they need to put defenses in place, but on the other side, [Port of San Diego personnel] have essential services.”
Investigators have not yet indicated who might be behind this attack. As of the time of writing, the Port of San Diego has not yet announced how much the attackers are demanding or whether it will actually pay the ransom.