US Coast Guard Official Logo

Ryuk ransomware takes down US Coast Guard facility

Share on facebook
Share on twitter
Share on linkedin
Share on pinterest
Share on print
Share on email

A ransomware attack caused a US maritime base to shut down for over 30 hours, the Coast Guard reveals.

The US Coast Guard (USCG) has become the next entry on a long list of targeted organisations hit by successful ransomware attacks.

In this case, a Maritime Transportation Security Act (MTSA) regulated facility, currently unnamed, was hit by the Ryuk ransomware strain.

The virus managed to infiltrate and shut down vital systems including cameras, physical access control systems and critical process control monitoring systems. Due to the attack, the company was forced to shut for over 30 hours while a cyber-incident response was conducted.

“Forensic analysis is currently ongoing but the virus, identified as “Ryuk” ransomware, may have entered the network of the MTSA facility via an email phishing campaign.”

Marine Safety Information Bulletin – US Coast Guard

Since the attack the USCG has released a security bulletin detailing steps taken and recommendations to other facilities to help prevent such damaging attacks.

It explains that the cause of the ransomware infection was an employee clicking a malicious link within a phishing email.

“Once the embedded malicious link in the email was clicked by an employee, the ransomware allowed for a threat actor to access significant enterprise Information Technology (IT) network files, and encrypt them, preventing the facility’s access to critical files.”


The Ryuk strain of ransomware was originally discovered in August 2018 and has been responsible for multiple attacks across the world. According to an advisory paper by the UK’s National Cyber Security Centre (NCSC), its demands are set via the victim’s perceived ability to pay. As of this time the USCG has contained the threat and no ransoms have been paid.

The fact that a military-grade secure facility, governed by strict cyber security procedures was still able to fall victim to a ransomware attack demonstrates one thing:

Cyber-security must lie in the minds of the employees, not just in security hardware.

Educating your users with Security Awareness Training and Simulated Phishing is the most cost effective method of reducing your organisation’s cyber threat surface.

At Phishing Tackle, we strongly believe that the tools needed to secure your organisation should not cost the earth. We even went as far as to create several free tools, including a test that reveals how many of your users are susceptible to clicking on phishing emails.

Check out our Free Click-Prone® Test and find out how many users require further training to avoid becoming potential threats to your organisation’s security.