Philadelphia SEPTA transport system suffers ransomware attack

The Southeastern Philadelphia Transportation Authority (SEPTA) has confirmed the detection of a malware attack on its servers. According to pentesting course specialists, the incident has prevented SEPTA from sharing relevant information about the trips since Monday. The report was published by The Philadelphia Inquirer.

Local authorities began an investigation after SEPTA reported some technical problems over the weekend, although they eventually had to turn to the Federal Bureau of Investigation (FBI) and outside cybersecurity experts. As an incident handling method, SEPTA shut down multiple systems that operate in real time, in addition to its payroll and remote timing systems.

SEPTA announced that SEPTA Key, the user’s card to enter the transport system, was not compromised during the incident: “We are doing our best to address this situation, we hope we will not have to close our systems again,” the authority says. Specialists from the pentesting course assure that SEPTA is not the only organization affected, although additional details have not been revealed.

How long the SEPTA systems will be affected is still unknown, as the variant of malware used by threat actors has not been disclosed, although specialists think it may be a ransomware attack. Users of the public transport system began to detect some failures on Monday morning, reporting the incidents on social networks, a situation that lasted until last Tuesday.

The recommendation for customers is to consult the printed schedules or request reports from the personnel at the affected stations until the information systems can be restored. This incident occurred at an inconvenient time, as people are returning to their daily activities after the period of isolation due to the pandemic, and any damage to public transport systems ends up affecting users.

According to pentesting course experts, last year, cybercriminals led SEPTA to close an online store that sold tickets and merchandise. Hundreds of customers are likely to have been victims.