The Carnival Cruise Ransomware Attack: What to Know

In a regulatory filing, cruise operator Carnival disclosed a ransomware attack that exposed guest and employee data. Carnival did not disclose how many people may be affected by the attack or what data the hackers stole; it did confirm that the hackers downloaded and stole data. The identities of the perpetrators remain unknown.

The company, the world’s largest cruise operator, discovered the ransomware attack on August 15. In a statement, Carnival confirmed the attack encrypted a portion of the IT environment of one of their myriad brands. However, they did not disclose which brand was attacked. 

Carnival continued: “We expect that the security event included unauthorized access to personal data of guests and employees, which may result in potential claims from guests, employees, shareholders, or regulatory agencies.”

The company is currently weathering the effects of COVID-19 on the global tourism industry. Moreover, Carnival owns the Princess cruise line, which disclosed a significant data breach earlier this year.

To learn more about the Carnival Cruise Ransomware attack, we spoke with some experts. 

The Carnival Cruise Ransomware Attack, According to Experts

Steve Durbin

Steve Durbin is Managing Director of the Information Security Forum.

Ransomware is one of the most prevalent threats to an organization’s information and is increasingly lucrative for criminals. An affected organization will have to face the potential of a double financial hit as it is forced to pay a large ransom to protect its people or resume normal operations, and then to retrospectively build in security.

Ransomware attackers are not interested in stealing assets and using them to cause damage, but in exploiting the value of the asset to its owner.  When striking at organizations, attackers will target systems that are fundamental to business operations, some of which may be operating in an unprotected manner or which may have been unwittingly exposed during the COVID-19 response when workers were forced to access corporate systems from home. 

To protect against the scale and scope of these threats, an organization will be forced to rethink its defensive model, particularly its business continuity and disaster recovery plans. Established plans that rely on employees being able to work from home, for example, do not stand up to an attack that removes connectivity or personally targets individuals as a means of dropping ransomware into the corporate infrastructure.  Revised plans should cover threats to periods of operational downtime caused by attacks on infrastructure, devices or people. Creating a cyber-savvy workforce that takes information security seriously, while fostering a culture of trust, will help to eradicate poor security practices as well as reduce the number and scale of incidents.

Terence Jackson

Terence Jackson is Chief Information Security Officer at Thycotic.

Ransomware has evolved over the years from being something that requires someone fairly skilled in writing code to a ransomware-as-a-service (RaaS) offering. However, the skills that it takes to launch a ransomware attack have lessened. Exploit kits can be easily purchased off of the web now just like other commercial off-the-shelf software (COTS). Attacks have increased against state and local municipalities, likely due to their lack of proper funding for security programs and criticality of the services they offer, which has made them more likely to pay up. 

Phishing is, and will likely continue to be, the preferred method for ransomware. It only takes one employee to open the door. This makes the attacker's job much easier and again lowers the technical bar of entry to perpetrate an attack. As long as humans remain the weakest link in the defenses, ransomware attacks will continue to intensify.

Thank you to our security experts for their time and expertise. Bleeping Computer broke this story originally.

Ben Canner

Editor, Cybersecurity at Solutions Review
Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. You can reach him via Twitter and LinkedIn.