
Central Virginia transit system affected by cyber incident

The organization that runs the transit system for central Virginia dealt with a computer network disruption due to a cyberattack around the Thanksgiving holiday.

The Greater Richmond Transit Company (GRTC) provides bus and specialized transportation services for millions of people across Richmond, Chesterfield and Henrico Counties.

A spokesperson told Recorded Future News that around Thanksgiving they experienced a network disruption that “temporarily impacted certain applications and parts of the GRTC network.”

“In response, our IT staff quickly discovered and restored our computer network. GRTC has also engaged third-party computer specialists to investigate the nature and scope of the incident,” the spokesperson said.

“All services are currently running as scheduled and GRTC does not expect any additional disruptions for riders at this time.”

The spokesperson declined to answer further questions about whether it was a ransomware attack or whether data was stolen during the incident.

The service — which is owned jointly by the city of Richmond and neighboring Chesterfield County — conducted more than 8.7 million rides in 2022 and last year served about 31,200 riders per weekday.

The Play ransomware gang took credit for the attack, posting the organization on its leak site on Thursday. The group gave GRTC until December 13 to pay an undisclosed ransom.

The ransomware gang has made a point of going after municipal services in 2023, launching devastating attacks on the city of Oakland, Dallas County and the Massachusetts city of Lowell.

Multiple public transit systems have faced attack over the last two years as they increasingly automate their services and systems. The St. Louis region’s Metro Call-A-Ride service for people with disabilities was attacked by ransomware actors in October, and a public transportation system for the state of Washington faced attack by a notorious ransomware gang in March.

The San Francisco Bay Area Rapid Transit (BART) was hit with ransomware in January, its second incident in recent years. Similar victims include the Silicon Valley-area Santa Clara Valley Transportation Authority in 2021 and the Philadelphia-area Southeastern Pennsylvania Transportation Authority in 2020.

The transit bureau for Cape Cod, Massachusetts, took weeks to recover last year after a Memorial Day weekend ransomware attack, and the Toronto Transit Commission (TTC) reported an attack in November 2021. Vancouver, Montreal, Sacramento, Fort Worth, Philadelphia and Ann Arbor have all seen ransomware attacks on their transportation systems over the last five years.

New York City’s Metropolitan Transportation Authority — one of the largest transportation systems in the world — was also hacked by a group based in China. While the attack did not involve ransomware and did not cause any damage, city officials raised alarms in a report because the attackers could have reached critical systems and may have left backdoors inside the network.


Jonathan Greig is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.