The Kansas City Area Transportation Authority (KCATA) disclosed that it experienced a targeted Medusa ransomware attack on Tuesday, January 23.
KCATA (Kansas City Area Transportation Authority) is a bi-state public transit agency that serves seven counties in Missouri and Kansas, managing 78 bus routes and 6 MetroFlex routes with a fleet of 300 buses. The company estimates that approximately 10.5 million individuals utilize their services annually.
On Wednesday, Kansas City public transportation authority officially announced that the ransomware attack had affected all of its communication systems.
“A ransom cyber-attack hit the KCATA early Tuesday, January 23. We have contacted all appropriate authorities, including the FBI,”
“The primary customer impact is that regional RideKC call centers cannot receive calls, nor can any KCATA landline.”
Reads the announcement.
Medusa Ransomware Claims the Cyberattack on KCATA
KCATA (Kansas City Area Transportation Authority) has confirmed that the recent cyber-attack on their systems was attributed to the Medusa ransomware. The attackers have claimed responsibility and have posted samples of alleged KCATA data on their dark web extortion portal.
KCATA has been given a 10-day deadline to engage in negotiations, with the ransom demand set at $2,000,000. Additionally, the threat actors have offered an option to extend the deadline for making the stolen data public, with a daily fee of $100,000 for each day of extension.
Medusa Ransomware Attack Impacted Communications of KCATA
As a result of the Medusa ransomware attack, the Kansas public transportation authority has issued alternative phone numbers for Freedom and Freedom-On-Demand Paratransit customers who require trip scheduling.
Despite the impact on call centers, it’s important to note that KCATA routes and passenger transit operations continue to operate normally without any disruption.
“All service is operating, including fixed-route buses, Freedom and Freedom-On-Demand paratransit service,”
“KCATA is working around the clock with our outside cyber professionals and will have systems back up and running as soon as possible,”
Explained KCATA.
People can still access the ridekc.org website and use the transit app to retrieve bus schedule information as usual. These Public Transit Services in Kansas City have not been affected by the cyber-attack.
The concern regarding data theft in ransomware incidents is real as it may potentially expose personal and payment details of customers. KCATA has not provided any information regarding the exposure of sensitive information for registered members and pass holders to cybercriminals.
It is advisable to stay updated with official announcements from KCATA for any further developments or actions to be taken to ensure data security.
