Ransomware actors have disrupted the largest ferry service operating out of Massachusetts, disrupting passengers and commercial traffic.
The Steamship Authority, which runs to Martha's Vineyard and Nantucket, revealed on Twitter that the attack struck early on Wednesday morning, local time.
The outage meant that customers were unable to book or change vehicle reservations online or by phone. However, existing bookings would be honored, and rescheduling or cancellation fees waived, it said.
“There is no impact to the safety of vessel operations, as the issue does not affect radar or GPS functionality. Scheduled trips to both islands continue to operate, although customers may experience some delays during the ticketing process,” the firm said.
“If traveling with the Authority today, cash is preferred for all transactions. The availability of credit card systems to process vehicle and passenger tickets, as well as parking lot fees, is limited.”
In an update late last night, the Steamship Authority said it expected the disruption to continue throughout Thursday June 3. The firm's website was also down at the time of writing.
“The Steamship Authority continues to work with our team internally, as well as with local, state, and federal officials externally, to address today’s ransomware incident. At this point, we are unable to release or confirm specific details of what occurred,” it said.
Although the target for this attack is relatively minor compared to the recent incidents at Colonial Pipeline and JBS, it proves that no organization is safe from ransomware.
Charles Herring, CTO of WitFoo, argued that poor cyber-hygiene and a lack of coordination between law enforcement and private organizations had enabled cyber-criminals to get ahead in this particular arms race.
“The outer layer of the broken system is that national security and intelligence agencies need access to data collected by law enforcement to inform military and diplomatic strategy and campaigns,” he added.
“We are quickly learning that safely sharing information, while protecting liberties and privacy, is as important to thwarting evolving cybercrime as it was in combating terrorism after 9/11.”