Cape Cod transit bureau still recovering from Memorial Day ransomware attack

Officials at Cape Cod’s transit bureau said they are still in the process of recovering from a ransomware attack that impacted their servers and communication systems on Memorial Day weekend.

Tom Cahir, administrator of the Cape Cod Regional Transit Authority (CCRTA), told The Record that the attack initially impacted their access to servers and communication systems.

“In response to this attack, our dedicated team of IT professionals immediately put measures in place to keep our fixed route and Dial-a-Ride transit services running without interruption to our valued customers,” Cahir said.  

“In addition, the proper authorities were notified immediately and are working with our team to assist in the restoration of our network," he said. "As a result of these efforts, we continue to make great progress toward fully restoring all of our IT systems.”

The FBI and Massachusetts State Police have been involved in the recovery and response effort, according to The Cape Cod Times, which reported that the ransomware group behind the attack was not contacted for ransom demands. 

The LV ransomware group took credit for the attack and leaked some of the data it stole. The group uses a modified version of a REvil ransomware variant and earlier this month claimed to have attacked the CiCi's Pizza chain of buffet restaurants. 

Employees of CCRTA were forced to move to a manual route mapping system for the Dial-a-Ride-Transportation bus service but reported few disruptions to overall service. 

“Many folks on my team have been working manually to get a lot of the data and information necessary to get the trips recorded and get people their service,” Cahir told CapeCod.com three days after the attack. 

“Our fixed-route service was not interrupted really at all. Some of our dial-a-ride service and others where you are required to call in and schedule a trip; we had to do a lot of that manually.”

Almost exactly one year ago, ferry services in Cape Cod, Martha's Vineyard and Nantucket were disrupted by a ransomware attack. 

A team of IT professionals is currently assessing the impact of the attack. Additional information will be provided upon completion of the initial assessment. 2/2

— Steamship Authority (@SteamshipMA) June 2, 2021

Transit systems have been a frequent target of ransomware groups over the last three years. The Toronto Transit Commission (TTC) — which runs the city's public transportation system — reported a ransomware attack in November while Montreal's system was hit in October 2020, and Vancouver's was attacked in December 2020.

San Francisco, Sacramento, Fort Worth, Philadelphia and Ann Arbor have all seen ransomware attacks on their transportation systems over the last five years.