Inland port in the western United States hit by a ransomware attack

According to The Maritime Executive, the Port of Kennewick, in Washington State, was hit by a ransomware cyberattack on November 17. A ransom of $200,000 was demanded in exchange for restoring access to the port’s data [ 1].

Although smaller than the major ports on the U.S. West and East Coasts, this inland port on the Columbia River now joins the list of many ports already affected by this type of attack. If further evidence were needed, the incident once again highlights that cybersecurity risks must also be taken seriously in the inland waterways sector.

As is often the case, the attack also impacted some of the city’s information systems, which were reportedly insufficiently segmented from those of the port. Port officials believe the incident may have originated from a phishing attack targeting a port employee.

The attackers demanded $200,000 to restore access to the port’s server and files. The FBI has been notified and is working with port authorities and the teams responsible for maintaining its information systems. According to those teams, there is confidence that no personal data was compromised, as the malware appeared to focus on “locking the servers rather than accessing the data or information stored on them” (sic). IT teams are currently restoring the affected systems from offline backups and rebuilding the port’s email server.

Port officials also stated that they do not intend to pay the ransom: “It would involve the use of public funds and, moreover, there is no guarantee that a decryption key would be provided after payment.” According to them, systems were regularly updated, antivirus controls were in place, and several layers of protection were deployed. They emphasized that the restoration of data and services is progressing, although a full recovery will still take time.