Ransomware affected Philadelphia SEPTA transport payroll, timekeeping & real-time schedule system

A couple of weeks ago, cyber security solutions experts reported a ransomware attack that affected the Southeastern Pennsylvania Transportation Authority (SEPTA). Few details about the incident were revealed at the time. More than 10 days have now passed, and the infection continues to wreak havoc on the organization.

According to reports, the attack affected SEPTA’s servers, diminishing its ability to provide real-time transportation information, so the organization has had to improvise and fall back on the methods it used before this technology was available.

The information system failures have affected passengers, who have limited data on the operating hours of public transport systems in Pennsylvania. In this regard, a SEPTA spokesperson said: “In no way do we try to discriminate against users who do not have the ability to access online information systems; real-time schedules will be restored shortly.”

Besides the users of the local transportation system, those most affected are the organization's employees, who each day face a new battle to keep SEPTA operations afloat without the use of business systems. Some have even used their personal email accounts and their own phone numbers in order to work. As if that weren’t enough, they still do not know how long it will take to restore the affected systems, as mentioned by cyber security solutions experts.

While SEPTA has not provided further details about the attack, everything indicates that the damage done to its systems is extensive, according to Michael Levy, a former computer crime investigator in the Office of the Attorney for the Eastern District of Pennsylvania. Among the systems disconnected by SEPTA after the incident are payroll and remote timing, which remain offline to this day. “The time that the systems have been offline suggests that the malware may have infected other areas in the SEPTA enterprise network,” Levy says.

Cyber security solutions experts mention that perpetrators of these attacks often gain access to the target system through phishing emails, tricking employees into handing over user credentials or clicking on links that redirect to malicious sites. SEPTA has not yet determined the exact cause of this infection, although an attack on an unsuspecting user is the most likely explanation.