Auckland Transport Suffers Another Ransomware Attack, Mobile App and Website Affected


The official website of Auckland Transport has suffered another cyberattack, in which its mobile app and live departure displays have been compromised.

The spokesperson for Auckland Transport (AT) said they believed this attack was in fact linked to the most recent one, in which a ransomware gang known as Medusa demanded a US$1 million ransom and threatened to post AT's data online if it was not paid.

“The current issue is a malicious attempt to disrupt the traffic to our website, by overwhelming it with a flood of internet traffic - a distributed denial-of-service attack,” the spokesperson stated. “Customers are experiencing intermittent issues accessing our website, AT Mobile App, AT Park, Journey Planner and public information displays[…]We are working to maintain security and access to our website but anticipate these issues unfortunately may be ongoing for some time.”

AT further confirmed that it is “confident” that no customer data or financial details have been stolen.

Medusa's Attack on AT

AT was attacked by the Medusa ransomware gang on September 14. Dean Klimpton, the CEO of AT, responded to a Herald report on Medusa's attack where the attackers had threatened to post AT data on the dark web if a US$1 million ($1.7 million) ransom was not paid. 

“AT is aware that Medusa has publicly announced a ransom for data,” Klimpton said. “We have no interest in engaging with this illegal and malicious activity,” he added.

Klimpton further notes that there is a sign indicating that personal or financial data has been compromised in the September attack.

DDoS Attack

A distributed denial of service (DDoS) attack involves an army of bots that try to access a website simultaneously, overwhelming it and rendering it inaccessible to regular users. Cybersecurity professionals compared it to sheep blocking a country road. Users are blocked, but no data is at risk.

The DDoS attack this afternoon is Medusa's vengeful response to AT's unwillingness to pay the cyber ransom; it poses no harm to any data.

AT’s app also suffered an outage earlier this morning; however, AT claims that it was just a regular glitch that was not related to the cyberattack.

According to Brett Callow, a threat analyst with the New Zealand-based security company Emsisoft, on August 14 Medusa launched a DDoS attack against Levare International. This company produces prosthetic limbs in Dubai.

Though Medusa originally appeared in 2021, it was not until this year that the ransomware group made headlines.

According to Callow, the organization has taken credit for assaults against the Minneapolis Public School System, Tonga Communications, and the Crown Princess Mary Cancer Centre in Australia, which resulted in the release of private student and teacher records.

Ransomware gangs are often situated in Eastern Europe or Russia due to a combination of computer skills and authorities that are frequently unwilling to cooperate with Western agencies. The location of the gang's base of operations is currently unknown.