Medusa ransomware attack hit Kansas City Area Transportation Authority

Pierluigi Paganini January 28, 2024

Medusa ransomware gang claimed responsibility for the attack against the Kansas City Area Transportation Authority (KCATA).

On January 23, 2023, the Kansas City Area Transportation Authority (KCATA) suffered a ransomware attack.

The Kansas City Area Transportation Authority (KCATA) is a public transit agency in metropolitan Kansas City. It operates the Metro Area Express (MAX) bus rapid transit service in Kansas City, Missouri, and 78 local bus routes in seven counties of Missouri and Kansas.

As of 2022, the company reported an annual ridership of 10,572,100.

The company disclosed that attack on January 24, it immediately launched an investigation into the incident and notified appropriate authorities. The company hired external experts to restore impacted systems.

“A ransom cyber-attack hit the KCATA early Tuesday, January 23. We have contacted all appropriate authorities including the FBI.” reads the notice published by the company.

The KCATA states that the incident is not affecting its services, including fixed-route buses, as well as the Freedom and Freedom-On-Demand paratransit services.

“The main customer impact is the inability to make calls to regional RideKC call centers, including any KCATA landline.” continues the notice. “KCATA is working around the clock with our outside cyber professionals and will have systems back up and running as soon as possible”

KCATA did not disclose specific information about the attack, including details about the ransomware family that compromised its systems or whether a data breach occurred.

Meantime, the Medusa ransomware gang claimed responsibility for the attack against KCATA.

The ransomware gang added the company to its Tor leak site and published samples of the alleged stolen data as proof of the data breach.

The ransomware gang threatens to release all the stolen data unless the company pays a $2 million ransom. The Medusa group also offers the victims the option to extend the deadline by paying $100,000/day.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – Kansas City Area Transportation Authority, ransomware)

you might also like

leave a comment