Pierluigi Paganini December 26, 2024

A ransomware attack on Pittsburgh Regional Transit (PRT) was the root cause of the agency’s service disruptions.

On December 23, 2024, Pittsburgh Regional Transit (PRT) announced it was actively responding to a ransomware attack that was first detected on Thursday, December 19.

Pittsburgh Regional Transit (PRT) is the public transportation agency that serves the Pittsburgh metropolitan area in Pennsylvania, USA. It operates a variety of transit services, including buses, light rail (the “T”), and incline services, providing transportation options for commuters and residents in the region. PRT aims to offer safe, affordable, and reliable transit solutions to meet the needs of the local population.

The ransomware attack caused significant service disruptions to local transportation in Pittsburgh.

The agency has notified law enforcement and is investigating the security breach with the assistance of cybersecurity experts.

Rail services were temporarily disrupted Thursday morning, but transit services have resumed normal operations.

“Upon discovering the incident, PRT immediately launched an investigation, activated its Cyber Incident Response Team, notified law enforcement, and engaged nationally recognized third-party cybersecurity and data forensics experts. These teams are working diligently to determine if any information has been compromised.” reads the statement published by the agency on its website.

“While rail service experienced temporary disruptions on Thursday morning, transit services are currently operating as normal. However, some other rider services remain negatively impacted, including PRT’s Customer Service Center, which is temporarily unable to accept or process Senior and Kid’s ConnectCards.”

At this time it is unclear if the threat actors have stolen data after having breached the agency’s systems.

The agency did not provide further details about the cyber attack such as the ransomware gang behind the incident. No ransomware group has claimed responsibility for the cyber attack.

On January 23, 2023, the Kansas City Area Transportation Authority (KCATA) suffered a ransomware attack.

The Kansas City Area Transportation Authority (KCATA) is a public transit agency in metropolitan Kansas City. It operates the Metro Area Express (MAX) bus rapid transit service in Kansas City, Missouri, and 78 local bus routes in seven counties of Missouri and Kansas.

In April 2021, China-linked APT breached New York City’s Metropolitan Transportation Authority (MTA) network exploiting a Pulse Secure zero-day.

In December 2020, Egregor ransomware operators hit Metro Vancouver’s transportation agency TransLink causing the disruption of its services and payment systems.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Pittsburgh Regional Transit)