Port of San Diego

In September 2018, the Port of San Diego, a medium-sized cargo port, fell victim to a SamSam Ransomware attack orchestrated by two Iranian hackers, Faramarz Shahi Savandi and Mohammad Mehdi Shah Mansouri. The attackers exploited network vulnerabilities after conducting online reconnaissance, timing the assault during night-time hours to minimize detection. They used anonymized browsing and traffic routing to obscure their activity. The ransomware encrypted data on non-critical administrative systems, causing a temporary disruption but no data loss due to robust backup measures. Commercial port operations remained unaffected, and the port refused to pay the Bitcoin ransom demand. While the attack disrupted internal workflows briefly, it did not compromise sensitive data, financial records, or operational continuity. The incident highlighted the port’s resilience but also exposed vulnerabilities in its cybersecurity defenses against targeted ransomware campaigns.

Source: https://www.maritime-executive.com/article/iranian-hackers-indicted-for-port-of-san-diego-cyberattack

TPRM report: https://www.rankiteo.com/company/port-of-san-diego

"id": "por538092125",
"linkid": "port-of-san-diego",
"type": "Ransomware",
"date": "9/2018",
"severity": "50",
"impact": "1",
"explanation": "Attack without any consequences"
{'affected_entities': [{'customers_affected': 'none',
                        'industry': 'logistics/transportation',
                        'location': 'San Diego, California, USA',
                        'name': 'San Diego Cargo Port',
                        'size': 'medium',
                        'type': 'port authority'}],
 'attack_vector': ['vulnerability scanning',
                   'timed attack (night-time)',
                   'disguised network activity',
                   'anonymized traffic routing'],
 'data_breach': {'data_encryption': True,
                 'number_of_records_exposed': '0',
                 'sensitivity_of_data': 'none',
                 'type_of_data_compromised': 'none'},
 'date_detected': '2018-09',
 'description': 'In September 2018, a medium-sized cargo port in San Diego was '
                'hit by a ransomware attack. The attackers, two Iranian '
                'hackers (Faramarz Shahi Savandi and Mohammad Mehdi Shah '
                'Mansouri), used SamSam Ransomware to encrypt data on the '
                "port's computer systems. The attack targeted non-critical "
                'administrative systems during night-time hours, disguising '
                "intrusions as normal network activity. The port's IT team "
                'restored systems from backups, avoiding data loss and '
                'refusing to pay the ransom. Commercial port operations '
                'remained unaffected.',
 'impact': {'data_compromised': 'none',
            'downtime': 'brief period',
            'operational_impact': 'none (commercial operations unaffected)',
            'systems_affected': 'non-critical administrative systems'},
 'motivation': 'financial gain',
 'post_incident_analysis': {'root_causes': ['exploited network vulnerabilities',
                                            'timed attack during low-defense '
                                            'hours']},
 'ransomware': {'data_encryption': True,
                'ransom_demanded': {'amount': None, 'currency': 'Bitcoin'},
                'ransomware_strain': 'SamSam'},
 'response': {'containment_measures': ['system restoration from backups'],
              'incident_response_plan_activated': True,
              'recovery_measures': ['backup recovery']},
 'threat_actor': [{'motivation': 'financial gain',
                   'name': 'Faramarz Shahi Savandi'},
                  {'motivation': 'financial gain',
                   'name': 'Mohammad Mehdi Shah Mansouri'}],
 'title': 'SamSam Ransomware Attack on San Diego Cargo Port',
 'type': 'ransomware'}