Carnival Corporation & PLC is the largest cruise line operator in the world. In 2019, Carnival pulled in a record revenue of $20.8 billion. Even with the troubles of 2020, this makes them a significant target for attackers looking to earn a profit. On 15 August 2020, Carnival Corp & PLC detected a ransomware attack that encrypted a portion of one brand’s IT systems. Attackers not only encrypted the data, but also downloaded certain files indicating some data was stolen. In their SEC filings, the company states, “we expect that the security event included unauthorized access to personal data of guests and employees, which may result in potential claims from guests, employees, shareholders, or regulatory agencies.”
Some people may remember the breach Carnival experienced from April to July 2019 in which attackers stole data including, but not limited to names, addresses, social security numbers, credit card info, etc. Often cyber attackers will breach a network and linger there for future cyber-attacks. It is unclear if that is the case here.
Carnival has yet to disclose the name of the ransomware which targeted the company. However - using Red Sky Alliance collections - analysts noticed a recent spike in external malicious activity related to the company. This was right before the current attack. Our collection showed a spike...
Read the full report here: IR-20-233-001-Ransom_At_The_Carnival.pdf