The world’s largest cruise operator Carnival Corporation has reported a security incident. As revealed, Carnival suffered a ransomware attack that affected some of its data.
Carnival Corporation Ransomware Attack
In a recent 8-K filing with the US Securities Exchange Commission (SEC), Carnival has disclosed a ransomware attack.
As mentioned, the incident hit the firm on August 15, 2020, when it caught the attention of its officials. They found that the ransomware attacked a portion of one of their brands’ IT system and encrypted the data. Also, the attackers tried to download some data files.
Upon detecting the incident, the firm promptly contained the attack and started investigating the matter.
For now, the company believes that the incident did not affect its operations. As stated in the filing,
Based on its preliminary assessment and on the information currently known (in particular, that the incident occurred in a portion of a brand’s information technology systems), the Company does not believe the incident will have a material impact on its business, operations or financial results.
Nonetheless, they do suspect potential impact on the employees’ and customers’ data.
We expect that the security event included unauthorized access to personal data of guests and employees, which may result in potential claims from guests, employees, shareholders, or regulatory agencies.
Also, they do not rule the possible impact of the incident on the information technology systems of other brands.
For now, they haven’t explicitly stated the type of ransomware attack and the exact damages incurred. Also, they haven’t stated anything about the payment of ransom to the attackers.
Vulnerable Devices Could Be A Reason
Quoting Bad Packets, Bleeping Computer reports that the cruise operator uses potentially vulnerable devices. They have highlighted the Citrix vulnerability CVE-2019-19781, and Palo Alto Firewall flaw CVE-2020-2021 to be potentially responsible for the attack. Exploiting these bugs could allow the attackers to gain access to corporate networks.
While the patches for bugs are already available, many firms haven’t patched their systems yet. Consequently, the attackers began exploiting the bugs. For instance, in January 2020, we reported about the spread of Ragnarok ransomware by exploiting the Citrix vulnerability on unpatched systems.
This isn’t the first cyber attack affecting Carnival Corp though. In March 2020, they disclosed a data breach that lasted for few months and affected customers’ information.
Let us know your thoughts in the comments.