Central Virginia transit system hit by cyber incident


The organization that operates central Virginia’s public transportation system faced a computer network disruption due to a cyberattack over the Thanksgiving holiday.

The Greater Richmond Transit Company (GRTC) provides bus and specialized transportation services to millions of people in Richmond, Chesterfield and Henrico counties.

A spokesperson told Recorded Future News that around Thanksgiving they experienced a network outage that “temporarily impacted some applications and portions of the GRTC network.”

“In response, our IT staff quickly discovered and restored our IT network. GRTC has also engaged third-party IT professionals to investigate the nature and scope of the incident,” the spokesperson said.

“All services are currently operating as planned and GRTC does not expect any further disruption to commuters at this time.”

The spokesperson declined to answer further questions about whether it was a ransomware attack or whether any data was stolen during the incident.

The service – which is jointly owned by the city of Richmond and neighboring Chesterfield County – led more than 8.7 million trips in 2022 and last year served approximately 31,200 passengers per weekday.

The Play ransomware gang took the credit for the attack, posting the organization on its leak site Thursday. The group gave GRTC until December 13 to pay an undisclosed ransom.

The ransomware gang has made it a point to attack municipal services in 2023, launching devastating attacks against municipal services. city ​​of Oakland, Dallas County and the Town of Lowell, Massachusetts.

Many transit systems have come under attack over the past couple of years as they increasingly automate their services and systems. St. Louis Area Metro Call-A-Ride Service for People with Disabilities was attacked by ransomware actors in October, and a public transportation system in Washington state was attacked by a notorious ransomware gang in March.

San Francisco Bay Area Rapid Transit (BART) wash it with ransomware in January, its second incident in recent years. Similar casualties include the Silicon Valley region’s Santa Clara Valley Transportation Authority in 2021 and the Philadelphia region’s Southeastern Pennsylvania Transportation Authority in 2020.

The Cape Cod, Massachusetts, transit office it took weeks to recover last year after a ransomware attack over Memorial Day weekend, and the Toronto Transit Commission (TTC) reported an attack in November 2021. Vancouver, Montreal, Sacramento, Fort Worth, Philadelphia and Ann Arbor were all witnessed ransomware attacks on their transport systems over the last five years.

New York City’s Metropolitan Transportation Authority, one of the largest transportation systems in the world, was also hacked by a group based in China. Although the attack did not involve ransomware and caused no damage, city officials raised the alarm in a report that the attackers could have reached critical systems and left backdoors inside of the network.

Get more information with the

Future saved

Intelligence cloud.

Learn more.

No previous articles

No new articles

Jonathan Greig

Jonathan Greig is a breaking news reporter at Recorded Future News. Jonathan has worked as a journalist around the world since 2014. Before returning to New York, he worked for media outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.

Leave a comment