Cape Cod transit bureau still recovering from Memorial Day ransomware attack

Officials at Cape Cod’s transit bureau said they are still in the process of recovering from a ransomware attack that impacted their servers and communication systems on Memorial Day weekend.

Tom Cahir, administrator of the Cape Cod Regional Transit Authority (CCRTA), told The Record that the attack initially impacted their access to servers and communication systems.

“In response to this attack, our dedicated team of IT professionals immediately put measures in place to keep our fixed route and Dial-a-Ride transit services running without interruption to our valued customers,” Cahir said.  

“In addition, the proper authorities were notified immediately and are working with our team to assist in the restoration of our network," he said. "As a result of these efforts, we continue to make great progress toward fully restoring all of our IT systems.”

The FBI and Massachusetts State Police have been involved in the recovery and response effort, according to The Cape Cod Times, which reported that the ransomware group behind the attack was not contacted for ransom demands. 

The LV ransomware group took credit for the attack and leaked some of the data it stole. The group uses a modified version of a REvil ransomware variant and earlier this month claimed to have attacked the CiCi's Pizza chain of buffet restaurants. 

Employees of CCRTA were forced to move to a manual route mapping system for the Dial-a-Ride-Transportation bus service but reported few disruptions to overall service. 

“Many folks on my team have been working manually to get a lot of the data and information necessary to get the trips recorded and get people their service,” Cahir told three days after the attack. 

“Our fixed-route service was not interrupted really at all. Some of our dial-a-ride service and others where you are required to call in and schedule a trip; we had to do a lot of that manually.”

Almost exactly one year ago, ferry services in Cape Cod, Martha's Vineyard and Nantucket were disrupted by a ransomware attack. 

Transit systems have been a frequent target of ransomware groups over the last three years. The Toronto Transit Commission (TTC) — which runs the city's public transportation system — reported a ransomware attack in November while Montreal's system was hit in October 2020, and Vancouver's was attacked in December 2020.

San Francisco, Sacramento, Fort Worth, Philadelphia and Ann Arbor have all seen ransomware attacks on their transportation systems over the last five years.

Get more insights with the
Recorded Future
Intelligence Cloud.
Learn more.
No previous article
No new articles

Jonathan Greig

Jonathan Greig

is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.