In an 8-K filed on August 17, Carnival Corporation reported that just two days earlier it detected a ransomware attack that “accessed and encrypted a portion of one brand’s information technology systems. The unauthorized access also included the download of certain of our data files.” The company believes that the attack is currently limited in scope to one specific brand, but it will not make any assurances to that effect.
According to the company, it immediately launched an investigation, notified law enforcement and engaged legal counsel. It also said it implemented a series of “containment and remediation measures to address this situation and reinforce the security of its information technology systems. The Company is working with industry-leading cybersecurity firms to immediately respond to the threat, defend the Company’s information technology systems, and conduct remediation.”
As for the information accessed, Carnival would only say that it was personal data of guests and employees. The 8-K didn’t say what type of personal information was accessed or whether the company paid the ransom to protect the data.
On Ransomware Attacks
According to Steve Durbin, managing director of the Information Security Forum, ransomware attacks are becoming increasingly lucrative for criminals making them a more prevalent threat.
It doesn’t help that ransomware attacks no longer require someone to be skilled at writing code, says Terence Jackson, Chief Information Security Officer at Thycotic. Criminals now have access to ransomware-as-a-service (RaaS), and exploit kits can be easily purchased off the web just like other commercial off-the-shelf software (COTS).
Since ransomware attackers aren’t interested in stealing assets – but rather in exploiting the value of the asset to the owner – attackers tend to target systems that are fundamental to business operations, Durbin notes. COVID-19, unfortunately, has left many of these systems operating unprotected with workers accessing corporate systems from home.
“An affected organization will have to face the potential of a double financial hit as it is forced to pay a large ransom to protect its people or resume normal operations, and then to retrospectively build in security,” Durbin adds.
Ransomware attacks also seem to be evolving, becoming more successful by leveraging “the unparalleled availability of stolen/exposed credentials available courtesy of the numerous breaches that have been made visible in the press,” says Shahrokh Shahidzadeh, CEO at Acceptto.
“Attacks appear to be more successful when leveraging a valid digital credential – which has been purchased on the dark web or stolen outright in a breach – for planting ransomware, especially when a targeted organization doesn’t continuously authenticate every digital credential,” Shahidzadeh explains.
Two Ways to Protect Your Organization
First, organizations need to rethink their business model, Durbin says, particularly their business continuity and disaster recovery plans.
“Established plans that rely on employees being able to work from home, for example, do not stand up to an attack that removes connectivity or personally targets individuals as a means of dropping ransomware into the corporate infrastructure,” he explains. “Revised plans should cover threats to periods of operational downtime caused by attacks on infrastructure, devices or people. Creating a cyber-savvy workforce that takes information security seriously, while fostering a culture of trust, will help to eradicate poor security practices as well as reduce the number and scale of incidents.”
Second, organizations should have “a continuous, behavior-based authentication solution which would catch the inappropriate use of any credential,” Shahidzadeh says. Companies should not rely on current binary approaches which allow “too many cybercriminals into networks, allowing them to effectively plant ransomware attacks. In short, if your organization doesn’t continuously authenticate every digital credential, the likelihood of a ransomware attack being successful goes up exponentially.”
On the Importance of Cyber Insurance
Organizations stand to benefit from researching and purchasing cyber insurance, says Caroline Thompson, Head of Underwriting at Cowbell Cyber. How so?
“It is often overlooked that in the case of ransomware, the damage to an organization goes well beyond the need to pay the ransom if a readily available backup, which is the preferred solution, is not an option,” Thompson notes. “Business interruption, loss of revenue and reputational damages are all financial burdens that cyber insurance can provide relief for. Partnering with a trusted insurance carrier with dedicated cybersecurity expertise is a must.”