A public transit company ‘Pierce Transit’ operating in sections of Washington state, believed some of its systems were affected by a ransomware attack two weeks ago. The ransomware attack began on February 14 and required Pierce Transit to implement temporary workarounds, according to the company, which primarily serves Tacoma and the surrounding Pierce County region with bus, van, and carpool services.
Every day, the transit system transports around 18,000 people. “Law enforcement has been informed, and third-party forensic experts have been retained to conduct a thorough investigation into the nature and breadth of the event. Crucially, this incident had no effect on our transit operations or the safety of our passengers; a spokeswoman told The Record.
By February 28, the LockBit ransomware group had claimed responsibility for the attack and issued a ransom demand. According to a Pierce Transit representative, the agency was aware that the deadline had passed.
“All modes of transportation are functioning normally. Nonetheless, in the early hours and days following the disaster, interim workarounds were implemented for several affected administrative systems. Most operations have now been fully restored, according to the spokeswoman.
The organization is still investigating the incident and determining what private information was accessed. If LockBit were to steal and leak client information, the company intends to let them know. The ransomware organization said it had stolen contracts, client information, non-disclosure agreements, correspondence, and more.
To “lower the likelihood of a similar issue recurring,” Pierce Transit plans to implement new cybersecurity monitoring tools and security measures. The spokeswoman stated, “We are dedicated to informing our community, as appropriate, as our inquiry progresses.
After the San Francisco Bay Area Rapid Transportation (BART) was targeted with ransomware in January, its second occurrence in recent years, Pierce Transit became the newest transportation company to experience a ransomware attack. Such victims include the Santa Clara Valley Transportation Authority in Silicon Valley in 2021 and the Southeastern Pennsylvania Transportation Authority in the Philadelphia region in 2020.
Following a ransomware attack during Memorial Day weekend, the transit agency for Cape Cod, Massachusetts, required weeks to recover. The Toronto Transit Commission (TTC) also reported an incident in November. One of the biggest transportation systems in the world, the Metropolitan Transit Authority in New York City, was also compromised by a Chinese hacker gang.
City officials raised warnings in a report despite the fact that the attack did not involve ransomware. Neither did it result in any harm because the attackers might have gained access to crucial systems and perhaps left backdoors in the network.
Potential Causes And Risks Of Public Transportation Under Cyberattack
It’s easier to imagine public transportation with digital line vehicles because they provide far too much convenience, such as real-time information on connections, capacity utilization, departure times, and the option to purchase tickets via an app. Additionally, having free Internet access on the train makes the journey go by much more amicably.
Data is always gathered or made available in the cars and communicated via the vehicle’s internal network to allow passengers and transportation operators to utilize such services. The onboard network in buses and trains is susceptible to hacker assaults like any other network. These types of IT intrusions do not immediately endanger drivers or passengers. They may, however, cause alterations and losses:
- Information and control service interruptions or failures.
- Controlling services.
- Capturing data produced by a vehicle’s systems.
- Financial losses resulting from system failure and damage restoration in the short- and long-term.
Although suppliers frequently offer connected services like passenger counting, video surveillance, fare administration, vehicle position monitoring, data storage, and credit card processing, agencies are also recommended to understand their own risks better and make sure they can articulate them in technical terms.
Security Measures To Secure Network In Public Bus:
Even these simple to moderately complex steps, which fleet managers can take, can considerably improve the security of vehicle networks:
- During planning, decide on a security concept: Determine which risks exist and how to manage them; choose the appropriate services.
- Limit access by installing equipment so only installers or experts can use it.
- Use strong passwords and change all device and service default passwords.
- Cryptographic security: Prevent outsiders from reading data from the network.
- Segmenting data via virtual networks (VLANs) allows for separating sensitive data from other data.
- Monitoring: By using network monitoring, irregularities in the network can be quickly found. There could be atypical connection attempts or excessively frequent IP address queries.
Conclusion
An organization that provides public transportation in parts of Washington state has admitted that a ransomware attack two weeks ago had an impact on some of its systems. The ransomware attack started on February 14 and, according to Pierce Transit, which primarily provides bus, van, and carpool services to Tacoma and the surrounding Pierce County region, necessitated the implementation of temporary solutions.
The transit system transports about 18,000 people each day. “The occurrence has been reported to law authorities, and independent forensic experts have been hired to conduct a comprehensive investigation into the nature and scope of the event. Notably, this event had no impact on our transit services’ effectiveness or our customers’ security.
