The Pierce County Public Transportation Benefit Area Corporation (Pierce Transit), a public transit operator in Washington state, has recently become a victim of a cyberattack using LockBit ransomware.
The attack, which began on February 14, 2023, forced Pierce Transit to implement temporary workarounds to maintain the service of its transit system that transports around 18,000 people daily.
LockBit Ransomware Group
LockBit has been the most widely used ransomware-as-a-service (RaaS) for some time now, based on the number of known attacks. It accounted for almost a third of all known RaaS attacks last year and peaked at almost half of all known ransomware attacks in September 2022.
In 2022, the largest ransom demand made by LockBit was a staggering $50 million. However, the ransomware group hasn’t tempered its ambitions in 2023, as it recently tried to demand $80 million from UK’s Royal Mail, but was unsuccessful in its attempt.
Attack Details
On February 28, the LockBit ransomware group published details of the attack on Pierce Transit, along with a public demand for just shy of $2 million in return for the stolen data. Typically, publishing data like this is a sign that negotiations have broken down or that the victim does not intend to pay. The ransomware group claims to have stolen contracts, client information, non-disclosure agreements, correspondence, and more, all of which are now on sale.
The financial impact of such an attack is not just limited to the eye-watering ransom demand. Even if a ransomware victim pays for a decryption key, it takes time to restore systems, and the total damages are almost always a multiple of the ransom.
Response and Restoration
The incident has been reported to law enforcement agencies, and forensic experts were brought in to investigate the nature and scope of the event. If LockBit managed to steal and leak client information, Pierce Transit intends to let them know. The majority of its operations have now been fully restored, and the company plans to implement new cybersecurity monitoring tools and security measures.
Public transportation is an essential service, and any long-term disruption of its internal networks could have a devastating effect on the people who rely on it to get to school, work, or medical appointments.
Although Pierce Transit managed to keep operations going, there will undoubtedly be financial losses resulting from system failure and damage restoration in the short and long-term.