January 29, 2024
Severity
High
Analysis Summary
The Kansas City Area Transportation Authority (KCATA) was hit by a ransomware attack on January 23, 2024. The Medusa ransomware gang has since claimed responsibility and added KCATA to its leak site on the dark web.
KCATA is a public transit agency serving the Kansas City metropolitan area. It operates the Metro Area Express (MAX) bus rapid transit service and 78 local bus routes across seven counties in Missouri and Kansas, and reported annual ridership of about 10,572,100 as of 2022. KCATA disclosed the attack on January 24, notified the authorities, and launched an investigation. It also engaged external security experts to restore the affected systems.
A notice published by the company reads, “KCATA is working around the clock with our outside cyber professionals and will have systems back up and running as soon as possible.”
KCATA said the incident has not affected its services: fixed-route buses and paratransit services remain operational. The main customer impact is that the regional RideKC call centers, including all KCATA landlines, cannot be reached by phone.
KCATA did not disclose specifics of the attack, such as the ransomware family that infected its systems or whether data was stolen. However, the Medusa ransomware gang has claimed responsibility on its Tor leak site and published samples of allegedly stolen data as proof of the breach.
The group is demanding a $2 million ransom and threatens to publish all of the stolen data if it is not paid. Medusa also offers to extend the deadline by one day for a payment of $100,000.
Impact
- Financial Loss
- Sensitive Data Theft
- Operational Disruption
Remediation
- Maintain cyber hygiene: keep anti-virus software up to date and run a defined patch management lifecycle.
- In addition to network and system hardening, harden application code so that the organization's websites and software are secure, and use security testing tools to find vulnerabilities in deployed code.
- Enable two-factor authentication, especially on remote access and administrative accounts.
- Segment the network and keep offline, regularly tested backups so that systems can be restored with minimal downtime.
- Install updates for operating systems, applications, and firmware as soon as they are available.
- Audit Active Directory, servers, workstations, and domain controllers for new or unfamiliar accounts.
- Use a virtual private network (VPN) for remote connections.
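The account audit recommended above is the one item in this list that a responder can script. The PowerShell below is an added example, not code from the Rewterz advisory or from KCATA: it pulls recently created domain users and computers, the current membership of privileged groups, local accounts on a set of hosts, and account-creation events (ID 4720) from a domain controller, so that anything not tied to a known change stands out. The RSAT ActiveDirectory module, PowerShell remoting, the host names DC01, FILESRV01 and WS-0042, and the 14-day window are all assumptions; adjust them to the environment.

```powershell
# Added example (not from the advisory): look for new or unfamiliar accounts
# in AD and on hosts. Assumes the RSAT ActiveDirectory module is installed,
# the caller can read the domain and the Security log, and WinRM is enabled
# on the target hosts. Host names and the 14-day window are assumptions.
Import-Module ActiveDirectory

$lookback = (Get-Date).AddDays(-14)   # assumed review window

# 1. Domain user and computer objects created inside the window.
$newUsers = Get-ADUser -Filter { whenCreated -ge $lookback } `
    -Properties whenCreated, whenChanged, Enabled, Description |
    Select-Object SamAccountName, whenCreated, whenChanged, Enabled, Description

$newComputers = Get-ADComputer -Filter { whenCreated -ge $lookback } `
    -Properties whenCreated |
    Select-Object Name, whenCreated

# 2. Current membership of high-value groups, with each member's creation
#    date, so an account added to Domain Admins last week is obvious.
$privGroups = 'Domain Admins', 'Enterprise Admins', 'Administrators', 'Schema Admins'
$privMembers = foreach ($g in $privGroups) {
    Get-ADGroupMember -Identity $g -Recursive |
        Where-Object objectClass -eq 'user' |
        Get-ADUser -Properties whenCreated, Enabled |
        Select-Object @{ n = 'Group'; e = { $g } }, SamAccountName, whenCreated, Enabled
}

# 3. Local accounts on servers and workstations (assumed host list). Local
#    admins created by an attacker do not show up in AD at all.
$hosts = 'DC01', 'FILESRV01', 'WS-0042'
$localAccounts = Invoke-Command -ComputerName $hosts -ErrorAction SilentlyContinue -ScriptBlock {
    Get-LocalUser | Select-Object Name, Enabled, LastLogon, PasswordLastSet
} | Select-Object PSComputerName, Name, Enabled, LastLogon, PasswordLastSet

# 4. Account-creation events (ID 4720) from a domain controller's Security log.
#    These survive even if the attacker has already deleted the account.
#    Property indexes follow the 4720 event schema: 0 = TargetUserName,
#    4 = SubjectUserName (the account that did the creating).
$creationEvents = Get-WinEvent -ComputerName 'DC01' -FilterHashtable @{
    LogName = 'Security'; Id = 4720; StartTime = $lookback
} -ErrorAction SilentlyContinue | ForEach-Object {
    [pscustomobject]@{
        Time       = $_.TimeCreated
        NewAccount = $_.Properties[0].Value
        CreatedBy  = $_.Properties[4].Value
    }
}

# Print the result sets for review. Anything not matched to a change ticket
# or a known onboarding is a candidate for disabling and further investigation.
$newUsers       | Format-Table -AutoSize
$newComputers   | Format-Table -AutoSize
$privMembers    | Format-Table -AutoSize
$localAccounts  | Format-Table -AutoSize
$creationEvents | Format-Table -AutoSize
```

Run it from an administrative PowerShell session on a domain-joined management host. The 4720 query should be repeated against every domain controller, since each one logs only the creations it processed, and the local-account check should cover every reachable host rather than the three assumed here.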