Coast Guard says Ryuk ransomware hit systems that monitor cargo transfers at maritime facility

The attack comes amid growing urgency in the maritime sector over digital threats.

Hackers used Ryuk ransomware to infiltrate computer networks at a marine transportation facility, causing an outage of roughly 30 hours, the U.S. Coast Guard said in a recent security advisory.

The incident disrupted “the entire corporate IT network” and caused difficulties for camera and physical access control systems, among other functions, according to the advisory. The facility shut down its primary operations for 30 hours while incident responders dealt with the situation.

“Once the embedded malicious link in the email was clicked by an employee, the ransomware allowed for a threat actor to access significant enterprise Information Technology (IT) network files, and encrypt them, preventing the facility’s access to critical files,” the bulletin stated. “The virus burrowed into the industrial control systems that monitor and control cargo transfer and encrypted files critical to process operations.”

This bulletin came five months after the Coast Guard encouraged mariners to focus on basic cybersecurity measures after a ship headed toward the Port of New York and New Jersey endured a “significant” cyber incident. Since then, the Coast Guard has simulated cyberattacks against critical trading hubs, using military personnel to ferret out malware that, if real, could have disabled key functionalities at a seaport.


Ryuk is the same hacking tool suspected in previous attacks against the city of New Orleans, La., New Bedford, Mass. and an array of other targets. While the Coast Guard did not disclose the specific victim or the exact date of infection in its Dec. 16 bulletin, it did suggest hackers used a phishing message to launch the malware onto affected networks.

The wider maritime industry presents a unique target to scammers and state-sponsored hackers alike. Cargo liner shipping undergirds some $4 trillion annually in global trade, while major shipping companies carry goods, including precious commodities, throughout the international economy, creating valuable espionage opportunities.

Meanwhile, hackers have deployed Ryuk to demand digital extortion fees from a range of targets in the public and private sectors. Along with the city of New Orleans, scammers also have targeted health care providers in Texas, logistics companies in Spain and a long list of other organizations.

The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency also flagged a National Cyber Security Centre advisory about Ryuk ransomware in June.

The latest Coast Guard bulletin is available in full below.



Written by Jeff Stone

Jeff Stone is the editor-in-chief of CyberScoop, with a special interest in cybercrime, disinformation and the U.S. justice system. He previously worked as an editor at the Wall Street Journal, and covered technology policy for sites including the Christian Science Monitor and the International Business Times.
