San Francisco BART investigating ransomware attack

San Francisco’s Bay Area Rapid Transit (BART) is investigating an alleged ransomware attack after the Vice Society ransomware gang claimed to have attacked the agency. 

BART – the fifth-busiest heavy rail rapid transit system in the United States – was listed on the group's leak site on Friday. Alicia Trost, chief communications officer for BART, told The Record that they are investigating the data that was stolen and posted by the group. 

“To be clear, no BART services or internal business systems have been impacted,” she said. “As with other government agencies, we are taking all necessary precautions to respond.”

Vice Society has listed Bay Area Rapid Transit #BART #Ransomware pic.twitter.com/Wn58CBSdtM

— Brett Callow (@BrettCallow) January 6, 2023

The rail industry has seen its fair share of cyberattacks in recent years. In April 2021, New York City’s Metropolitan Transportation Authority – one of the largest transportation systems in the world – was hacked by a group based in China. 

While the attack did not cause any damage and no riders were put at risk, city officials raised alarms in a report because the attackers could have reached critical systems and may have left backdoors inside.

The same month, the Santa Clarita Valley Transportation Authority was hit with a ransomware attack. In 2020, the Southeastern Pennsylvania Transportation Authority also experienced a ransomware attack.

Just last week, one of the world’s largest rail and locomotive companies announced a data breach that involved troves of employee information following an alleged ransomware attack last summer. 

Homeland Security Secretary Alejandro Mayorkas announced new cybersecurity regulations last year for U.S. railroad operators, requiring them to disclose any hacks, create cyberattack recovery programs and name a chief cyber official. Those regulations expired in December.

The Vice Society ransomware gang has drawn international headlines with attacks on colleges and K-12 schools, including the second largest public school district in the U.S. and several in the United Kingdom.

The FBI, Cybersecurity and Infrastructure Security Agency (CISA) and other agencies noted in an alert in September that Vice Society has “disproportionately” attacked dozens of educational institutions over the last year and stepped up its level of attacks in the fall of 2022.

But the group also “continues to focus on organizations where there are weaker security controls and a higher likelihood of compromise and ransom payout,” according to a Microsoft report released in October.