The Kansas City Area Transportation Authority (KCATA), a vital public transit agency in the heart of metropolitan Kansas City, is dealing with a severe security incident that has impacted most of its operations.
Key Facts:
- KCATA, responsible for the Metro Area Express (MAX) bus rapid transit service and 78 local bus routes across seven counties, reported an annual ridership of 10,572,100 as of 2022.
- The breach took place on January 23, with the company swiftly initiating an investigation and notifying relevant authorities.
- External cybersecurity experts were promptly engaged to restore the integrity of the impacted systems.
Immediate Fallout:
A notice released by KCATA revealed: “A ransom cyber-attack hit the KCATA early Tuesday, January 23. We have contacted all appropriate authorities including the FBI.”
Despite the upheaval, KCATA assures the public that its critical services, such as fixed-route buses and paratransit services, remain unaffected. However, there are challenges in reaching regional RideKC call centers due to a communication breakdown with KCATA landlines.
KCATA is working tirelessly with external cybersecurity professionals to restore normalcy, emphasizing a commitment to resuming full operations as quickly as possible.
Ransomware Gang Claims Responsibility:
Adding a layer of complexity to the situation, the notorious Medusa ransomware gang has proudly claimed responsibility for the attack.
The gang wasted no time escalating the matter by adding KCATA to its Tor leak site and providing a chilling ultimatum: pay a $2 million ransom or face the public release of all stolen data. To exacerbate the pressure, the Medusa group allows the option to extend the deadline to $100,000 per day.
Despite the transparency about the incident, KCATA has chosen not to disclose specific details about the cyberattack. Critical information, such as the ransomware family responsible or the occurrence of a data breach, remains undisclosed.