On September 25th, the Port of San Diego announced that their information technology systems had been disrupted by a cyber attack. In an announcement today, it was announced that this disruption was caused by a ransomware attack.
"The Port of San Diego continues to investigate a serious cybersecurity incident that has disrupted the agency's information technology systems, and the Port's investigation so far has determined that ransomware was involved in this attack" said Port of San Diego CEO Randa Coniglio. "As previously stated, the Port has mobilized a team of industry experts and local, regional, state and federal partners to minimize impacts and restore system functionality, with priority placed on public safety-related systems. The team is currently determining the extent and timing of the incident and the amount of damage to information technology resources, and developing a plan for recovery. The Harbor Police Department continues to use alternative systems and procedures in place to minimize impacts to public safety. Port employees continue to have limited functionality which may have temporary impacts on service to the public, especially in the areas of park permits, public records requests, and business services. No further information is available at this time; updates will be provided as information is available."
Due to the attack affecting their information technology systems, various park and business services are being affected, especially when it comes to issuing park permits, processing public record requests, and conducting normal business services.
BleepingComputer has confirmed with a representative of the Port of San Diego that this was indeed a ransomware attack, but they declined to provide any further information.
While we do not know what ransomware they are a victim of, the most common variants with attacks like this are SamSam, Bitpaymer, or Dharma. Each of these variants are known to gain access to networks by brute forcing the passwords for public facing remote desktop services. Once they gain access to the network, they proceed in encrypting as many workstations as possible.
This is a developing story and will be updated as more information becomes available.