Share this article on:
A Washington state public transport service has been forced to put in place “temporary workarounds” in place after falling victim to a ransomware attack on 14 February.
The Pierce County Public Transportation Benefit Area Corporation — otherwise known as Pierce Transit, first reported an issue a day later, when it posted about a service disruption on Facebook.
“Pierce Transit’s phones are experiencing an outage due to a network issue,” the company said in a brief post.
The company moves about 18,000 people a day in Tacoma and the surrounding area.
Pierce Transit went into more detail on 1 March, however, when it spoke to a local area news site.
The company “experienced a ransomware incident that temporarily disrupted some agency systems. Upon discovering the incident, our team immediately took action to contain and isolate the threat. Third-party forensic experts were engaged to conduct a thorough investigation into the nature and scope of the incident, and law enforcement has been notified,” a Pierce Transit spokesperson told Komo News.
“All transportation services are operating as normal. However, temporary workarounds were put in place for certain affected administrative systems in the initial hours and days following the incident. The majority of operations have now been fully restored.”
While Pierce Transit did not reveal the identity of the hacker, the LockBit ransomware group claimed responsibility for the attack, demanding a US$1,999,999 ransom for either the destruction or return of that data by 28 February.
According to LockBit, the information the group exfiltrated included “postal correspondence, NDA agreements, personal data of customers, contracts, and much more”. Pierce Transit declined to pay, and LockBit has now published the information.
The US government and the FBI believe that companies should not pay ransoms in such cases. If companies stop paying up, then the threat of ransomware attacks, the thinking goes, will lessen as threat actors realise it is no longer a lucrative strategy.
LockBit has become a prolific threat actor in the last 12 months, both for its own attacks and as a ransomware-as-a-service operator. The group has taken responsibility for a raft of attacks, including against the Italian tax office and the bookstore chain WH Smith.
The group’s been a particular threat here in Australia, too. Last year the Australian Cyber Security Centre issued an alert to Australian companies as the LockBit ransomware saw a spike in use across the country.
LockBit is believed to be a Russian-speaking group and has been in operation since at least 2019.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.