Auckland Transport suffers “technical outage” as Medusa ransomware gang claims hack
A New Zealand transport service has confirmed that its ticketing systems were disrupted on Tuesday by a “cyber incident”, but says services are coming back online slowly throughout the day.
Online top-ups of travel cards, some ticketing machines, a ferry terminal, and customer service centres were all affected by the apparent hack, but Auckland Transport is still warning customers of significant delays.
According to a service announcement on the Auckland Transport website, the incident began on Monday September 18, and by 8pm New Zealand time “good progress” was being made on restoring services.
“Different services will be available at different times throughout the day as we bring our systems back online,” Auckland Transport said. “We will keep this webpage updated as to the progress of service restoration.”
The latest update, posted at 3pm on Tuesday September 19, reported that “most AT customer service centres” and ticket machines were now operational.
“Investigations into the cyber incident are still ongoing, and at this stage AT still believes customer data, including financial data, has not been compromised,” Auckland Transport said.
“AT takes cyber security very seriously. We activated our security protocols as soon as we became aware of the incident last week and are working with our expert partners to minimise any future risk to our systems.”
However, the Medusa ransomware group posted some information regarding the incident on its darknet leak site on Monday, with a range of ransom demands. The group is currently asking for US$1 million to delete all data, and the same amount for anyone wanting to download it. Medusa is also charging US$10,000 to add one day to the timer before it publishes the data.
At the time of writing, Medusa has said it will publish within seven days.
Medusa has not published any samples of what it may be holding, so it is difficult to verify the group’s claims. 290 people have already viewed the web page.
When asked about the ransomware operator’s claims, Auckland Transport CEO Dean Kimpton told Cyber Security Connect that AT had no interest in negotiating.
“AT is aware that Medusa has publicly announced a ransom for data,” Kimpton said via email. “We have no interest in engaging with this illegal and malicious activity. At this stage we believe that no personal or financial information has been compromised.”
“We are restoring our AT HOP systems throughout today and we really appreciate our customers’ patience. Customers should keep tagging on and off and our staff and operators are around our public transport network and at stations to assist customers as our systems come back online.”
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.