Cruise line operator Carnival Corporation has disclosed that one of their brands suffered a ransomware attack over the past weekend.

Carnival operates AIDA, Carnival and Princess Cruises and other cruise lines. 

In an 8-K form filed with the Securities and Exchange Commission (SEC), Carnival Corporation disclosed that one of its brands suffered a ransomware attack on August 15, 2020: "On August 15, 2020, Carnival Corporation and Carnival plc (together, the “Company,” “we,” “us,” or “our”) detected a ransomware attack that accessed and encrypted a portion of one brand’s information technology systems. The unauthorized access also included the download of certain of our data files." 
The company did not identify the brand that was hit by the ransomware. 
Steve Durbin, managing director of the Information Security Forum, says ransomware is one of the most prevalent threats to an organization’s information and is increasingly lucrative for criminals. "To protect against the scale and scope of these threats, an organization will be forced to rethink its defensive model, particularly its business continuity and disaster recovery plans," adds Durbin. "Established plans that rely on employees being able to work from home do not stand up to an attack that removes connectivity or personally targets individuals as a means of dropping ransomware into the corporate infrastructure.  Revised plans should cover threats to periods of operational downtime caused by attacks on infrastructure, devices or people.”

According to Terence Jackson, Chief Information Security Officer at Thycotic, ransomware has evolved over the years from being something that required someone fairly skilled in writing code to a ransomware-as-a-service (RaaS) offering.

Jackson notes, "However, the skills that it takes to launch a ransomware attack have lessened. Exploit kits can be easily purchased off of the web now just like other commercial off-the-shelf software (COTS). Phishing is, and will likely continue to be, the preferred method for ransomware. It only takes one employee to open the door. This makes the attackers job much easier and again lowers to technical bar of entry to perpetrate an attack.  As long as humans remain the weakest link in the defenses, ransomware attacks will continue to intensify.”

Shahrokh Shahidzadeh, CEO at Acceptto, notes that attacks appear to be more successful when leveraging a valid digital credential for planting ransomware and unfortunately, current binary approaches to authentication allow too many cybercriminals into networks, allowing them to effectively plant ransomware attacks.

Shahidzadeh adds, "The use of valid digital credentials which have been purchased on the dark web, or stolen out right in a breach, provides the best access for planting ransomware when a targeted organization doesn’t have a continuous, behavior-based authentication solution which would catch the inappropriate use of that credential. Ransomware attacks will continue to adapt and evolve, especially with the ease of access to stolen digital credentials and the current deployment of continuous authentication solutions.  In short, if your organization doesn’t continuously authenticate every digital credential, the likelihood of a ransomware attack being successful goes up exponentially.”