Auckland Transport Hit by Medusa Ransomware: What You Need to Know

Auckland Transport Hit by Medusa Ransomware: What You Need to Know
Photo by Gabriel Santos / Unsplash

Introduction

Auckland Transport, the public transport agency in New Zealand, recently fell victim to a "cyber incident" that severely disrupted its ticketing systems. The Medusa ransomware group is suspected to be behind the attack. While Auckland Transport is gradually restoring its services, the incident has led to significant delays and inconvenience for commuters. Here's everything you need to know about the cyberattack and its implications.

Timeline of the Incident

The cyber incident began on Monday, 18 September 2023, and had a widespread impact on Auckland Transport's services. It affected online top-ups of travel cards, ticketing machines, a ferry terminal, and customer service centers. By 8 pm New Zealand time on the same day, some progress was made in restoring services. Auckland Transport is currently in the process of bringing its systems back online, with different services resuming at different times.

Customer Data and Financial Security

One of the major concerns in any cyberattack is the security of customer data. Auckland Transport has assured that customer data, including financial information, is believed to be secure. The organization has activated its cybersecurity protocols to safeguard against further risks.

Medusa's Ransom Demands

The Medusa ransomware group has claimed responsibility for the attack and has posted information about the incident on its darknet leak site. The group is demanding a $1 million ransom for data deletion or download and an additional $10,000 to extend the data publication timer. Auckland Transport CEO Dean Kimpton stated unequivocally that the agency has no intention of negotiating with the ransomware group.

Verifying Medusa's Claims

As of now, Medusa has not provided any samples of the data it claims to hold, making it difficult to verify the authenticity of their claims. The group has stated that it would publish the data within seven days. 290 people have viewed the ransom demand page at the time of reporting.

Auckland Transport's Response

Auckland Transport is urging its customers to continue using their services as they come back online. The agency is also providing assistance at public transport stations to help commuters during this challenging period. The focus is on restoring systems and ensuring the security of customer data.

Conclusion

The cyberattack on Auckland Transport serves as a reminder of public agencies' vulnerabilities in the digital age. While the agency is working diligently to restore services and secure customer data, the incident raises questions about the preparedness of public transport systems against sophisticated cyber threats. As Auckland Transport refuses to negotiate with the Medusa ransomware group, it remains to be seen how the situation will unfold in the coming days.

For the latest updates on this incident, stay tuned to Auckland Transport's official channels and exercise caution while using their services during this period.

Disclaimer: This article is based on the information available at the time of publication and may be subject to updates.

Read more