Light Dark
January 6, 2020 By David Bisson 2 min read

Last week in security news, the U.S. Coast Guard revealed that a maritime facility suffered an infection at the hands of the Ryuk ransomware family. Speaking of ransomware, researchers spotted ransomware attackers offering discounts and season’s greetings to convince victims to pay their ransom demands. Finally, researchers spotted a new malware family targeting Portugal, a new zero-day vulnerability in the Windows platform and more than 100 malicious Android apps using the same code package to perform ad fraud.

Top Story of the Week: Ryuk Sets Sail on a Maritime Facility’s Systems

The U.S. Coast Guard revealed that Ryuk struck a maritime facility regulated by the Maritime Transportation Security Act (MTSA). The threat’s entry point remained unclear at the time of publication, however, officials reasoned that the ransomware likely made its way onto the maritime facility’s computers via a phishing attack.

The facility shut down its primary operations for a period of 30 hours following its discovery of the attack. It made this decision after learning that Ryuk had disrupted its entire corporate IT environment, interfered with its physical access control systems and taken its critical process control monitoring systems offline.

Source: iStock

Also in Security News

  • Attack Emails Utilize Portugal Government Template to Spread Lampion Malware: At the end of 2019, Security Affairs reported on a phishing campaign that used email templates based on those used by Portuguese Government Finance & Tax employees. Those emails delivered Lampion, a member of the Trojan-Banker.Win32.ChePro family that came with its own improvements designed to foil detection and analysis.
  • Soraka Code Package Leveraged by 100+ Android Apps to Perform Ad Fraud: In December, the White Ops Threat Intelligence Team observed more than 100 malicious Android apps using a common code package called Soraka to perform ad fraud. Soraka displayed a total of three out-of-context (OOC) ads in sequence once a victim unlocked their Android device.
  • Discounts, Season’s Greetings Used to Entice Ransomware Victims Into Paying: As reported by Bleeping Computer, a security researcher spotted a sample of Sodinokibi ransomware (REvil) urging users to pay the ransom so that they would not be stressed and not waste time that they could otherwise be spending with their family during the holidays. Along a similar vein, the attackers behind a Maze ransomware campaign offered their victims a 25 percent discount on their ransom demands at the very end of 2019.
  • Windows Zero-Day Vulnerability Reported to and Patched by Microsoft: On December 10, Microsoft patched a zero-day vulnerability reported to it by Kaspersky Lab researchers. This flaw enabled digital attackers to execute arbitrary code on a victim’s machine, reported Deccan Chronicle in the new year.

Security Tip of the Week: Elevate Your Defenses Against a Ransomware Attack

Security professionals can help defend their organizations against a ransomware attack by embracing a layered defense strategy that combines antivirus solutions, anti-data encryptors and other security tools. A crucial part of this strategy should be keeping — and periodically testing — multiple data backups both offline and in the cloud.

 |  |  |  |  |  |  |  |  |  |  |  |  |  |  | 
David Bisson
Contributing Editor

More from

January 30, 2025

When ransomware kills: Attacks on healthcare facilities

4 min read - As ransomware attacks continue to escalate, their toll is often measured in data loss and financial strain. But what about the loss of human life? Nowhere is the ransomware threat more acute than in the healthcare sector, where patients’ lives are literally on the line.Since 2015, there has been a staggering increase in ransomware attacks on healthcare facilities. And the impacts are severe: Diverted emergency services, delayed critical treatments and even fatalities. Meanwhile, the pledge some ransomware groups made during…

January 29, 2025

AI and cloud vulnerabilities aren’t the only threats facing CISOs today

6 min read - With cloud infrastructure and, more recently, artificial intelligence (AI) systems becoming prime targets for attackers, security leaders are laser-focused on defending these high-profile areas. They’re right to do so, too, as cyber criminals turn to new and emerging technologies to launch and scale ever more sophisticated attacks.However, this heightened attention to emerging threats makes it easy to overlook traditional attack vectors, such as human-driven social engineering and vulnerabilities in physical security.As adversaries exploit an ever-wider range of potential entry points…

January 28, 2025

4 trends in software supply chain security

4 min read - Some of the biggest and most infamous cyberattacks of the past decade were caused by a security breakdown in the software supply chain. SolarWinds was probably the most well-known, but it was not alone. Incidents against companies like Equifax and tools like MOVEit also wreaked havoc for organizations and customers whose sensitive information was compromised.Expect to see more software supply chain attacks moving forward. According to ReversingLabs' The State of Software Supply Chain Security 2024 study, attacks against the software…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2025 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature