The Port of San Diego has experienced a serious cybersecurity incident that has disrupted the agency’s information technology systems, the port said in a statement.
The port’s investigation has so far determined that ransomware was involved in this attack. The ransom note requested payment in bitcoin, although the amount that was requested was not disclosed.
San Diego port first received reports of the disruption on September 25, 2018, and mobilized a team of industry experts and local, regional, state and federal partners to minimize impacts and restore system functionality, with priority placed on public safety-related systems.
The port said that the team is currently determining the extent and timing of the incident and the amount of damage to information technology resources, and developing a plan for recovery.
“It is important to note that this is mainly an administrative issue and normal port operations are continuing as usual. The port remains open, public safety operations are ongoing, and ships and boats continue to access the bay without impacts from the cybersecurity incident,” said Port of San Diego CEO Randa Coniglio.
“While some of the port’s information technology systems were compromised by the attack, port staff also proactively shut down other systems out of an abundance of caution.”
San Diego port added that it is partnering with the Federal Bureau of Investigation (FBI) and the Department of Homeland Security (DHS) on the investigation of the incident.