Ransomware attack targets VTA, hackers threaten to release data
VTA targeted in apparent ransomware attack, hackers threaten to release trove of data
Buses and light rail are still running, though many computer systems are offline
By NICO SAVIDGE | [email protected] | Bay Area News Group
PUBLISHED: April 22, 2021 at 9:57 a.m. | UPDATED: April 23, 2021 at 11:08 a.m.
A group of hackers claims to have stolen a trove of data from the Santa Clara Valley Transportation Authority in an apparent ransomware attack that has paralyzed many of the agency’s computer systems for days.
VTA officials initially said they believed they had contained the attack, which began over the weekend. But in a post on the dark web Thursday, a hacker group calling itself “Astro” wrote that it stole 150 gigabytes of data from the transit authority and is threatening to post it publicly if VTA does not “cooperate.”
Brett Callow, a threat analyst with the cybersecurity firm Emsisoft, said hackers in ransomware attacks such as this one make copies of sensitive data on the networks of governments, corporations and other entities. They typically demand a ransom to delete the information they stole, which could include the personal information of customers or workers, confidential employee misconduct records and other data that is “not the type of thing people want to end up online,” Callow said.
VTA spokesperson Stacey Hendler Ross said Friday morning the agency was still trying to determine whether any personal information of customers or employees was compromised in the attack. The hackers’ post does not identify what kind of data they have.
When asked directly about the hackers’ claims, including whether the agency has received any monetary threats, Hendler Ross repeatedly declined to comment.
“We are still working on it, we’re working with third-party experts that specialize in this, and we’re trying to get these systems back online to protect all the information that we have,” Hendler Ross said.
Buses, light rail trains and paratransit service have all continued running despite the attack.
The agency’s priority was to proactively shutdown technology systems to contain the event, which affected functions such as real-time arrival information and VTA employee email. As of late Friday morning, self-service systems for customer service and paratransit are still not available; engineers are working to bring them back online.
Customers seeking help or paratransit services can call 408-321-2300.
Hendler Ross said that VTA “will move quickly to notify the appropriate parties” if it determines there was a breach of any personal data, and is working with law enforcement to investigate the attack.
Buses and light rail are still running, though many computer systems are offline
By NICO SAVIDGE | [email protected] | Bay Area News Group
PUBLISHED: April 22, 2021 at 9:57 a.m. | UPDATED: April 23, 2021 at 11:08 a.m.
A group of hackers claims to have stolen a trove of data from the Santa Clara Valley Transportation Authority in an apparent ransomware attack that has paralyzed many of the agency’s computer systems for days.
VTA officials initially said they believed they had contained the attack, which began over the weekend. But in a post on the dark web Thursday, a hacker group calling itself “Astro” wrote that it stole 150 gigabytes of data from the transit authority and is threatening to post it publicly if VTA does not “cooperate.”
Brett Callow, a threat analyst with the cybersecurity firm Emsisoft, said hackers in ransomware attacks such as this one make copies of sensitive data on the networks of governments, corporations and other entities. They typically demand a ransom to delete the information they stole, which could include the personal information of customers or workers, confidential employee misconduct records and other data that is “not the type of thing people want to end up online,” Callow said.
VTA spokesperson Stacey Hendler Ross said Friday morning the agency was still trying to determine whether any personal information of customers or employees was compromised in the attack. The hackers’ post does not identify what kind of data they have.
When asked directly about the hackers’ claims, including whether the agency has received any monetary threats, Hendler Ross repeatedly declined to comment.
“We are still working on it, we’re working with third-party experts that specialize in this, and we’re trying to get these systems back online to protect all the information that we have,” Hendler Ross said.
Buses, light rail trains and paratransit service have all continued running despite the attack.
The agency’s priority was to proactively shutdown technology systems to contain the event, which affected functions such as real-time arrival information and VTA employee email. As of late Friday morning, self-service systems for customer service and paratransit are still not available; engineers are working to bring them back online.
Customers seeking help or paratransit services can call 408-321-2300.
Hendler Ross said that VTA “will move quickly to notify the appropriate parties” if it determines there was a breach of any personal data, and is working with law enforcement to investigate the attack.
