The Steamship Authority, which runs ferry service to Martha’s Vineyard and Nantucket, said Wednesday that it had been hit with a ransomware cyberattack that continued to affect its payment systems and its website throughout the day.
The authority said that customers “may experience some delays,” but it confirmed just after noon that all ferries were operating. It said it would continue to work with local, state, and federal officials to address the incident, but was “unable to release or confirm specific details of what occurred.”
“There is no impact to the safety of vessel operations, as the issue does not affect radar or GPS functionality,” the authority wrote in a Twitter thread. “Scheduled trips to both islands continue to operate, although customers may experience some delays during the ticketing process.”
Advertisement
The ferry operator said access to credit card systems to process vehicle and passenger tickets and parking lot fees was limited,” so it was encouraging customers to use cash. It also said customers were “unable to book or change vehicle reservations online or by phone,” adding that rescheduling and cancellation fees would be waived.
As of 6:30 p.m., the website was not accessible. The Steamship Authority said it expected ticketing would continue to be disrupted on Thursday.
The Steamship Authority continues to work with our team internally, as well as with local, state, and federal officials externally, to address today’s ransomware incident. At this point, we are unable to release or confirm specific details of what occurred.
— Steamship Authority (@SteamshipMA) June 2, 2021
Michael Tonello, co-owner of the fashion boutique Respoke, was looking out of the window of his shop on the Nantucket wharf Wednesday morning and noticed that a ferry remained docked for longer than usual.
“Usually the boats pull in with a full cargo of passengers, they unload, and then they reload . . . It runs almost like a commuter train, going back and forth” he said. “It was sitting there all morning. It is a little bit concerning.”
At noon, he heard a whistle that typically sounds before a ferry departs, and peered out the window again.
Advertisement
“There it goes; the Eagle is now leaving,” he said. “There are people on it; it is departing right this second.”
Around the same time, the Steamship Authority posted schedules for Martha’s Vineyard and Nantucket on Twitter, indicating it would continue sharing schedule information via social media. A spokesperson for the authority could not be reached for comment.
The authority did not say whether it had paid the hackers to release any data.
The Woods Hole, Martha's Vineyard and Nantucket Steamship Authority has been the target of a ransomware attack that is affecting operations as of Wednesday morning. As a result, customers traveling with us today may experience delays. 1/2
— Steamship Authority (@SteamshipMA) June 2, 2021
News of the ransomware attack came on the heels of several high-profile attacks on US companies. In such attacks, hackers often encrypt key files on an organization’s computer network and demand payment to release them.
On Tuesday, the White House said the world’s largest meat processor, JBS, had been hit by a ransomware attack that officials believe was initiated by a criminal group from Russia. Weeks earlier, drivers were lining up outside gas stations in the Southeast after hackers forced the nation’s largest fuel pipeline to temporarily shut down.
Charlie Gero, chief technology officer of Akamai Technologies’ security division, said the recent incidents show that cyber defenses at many companies are “not yet at the level they need to be.” He said the Cambridge software firm expects such attacks to increase in frequency.
“The Internet is not just the technology that powers social media and memes; critical infrastructure is increasingly reachable online,” he said in an e-mail. “This should serve as an incentive for all companies to audit their internal security practices and measures to ensure they are doing everything they can [to] not be the next headline.”
Advertisement
Travis Andersen can be reached at travis.andersen@globe.com. Anissa Gardizy can be reached at anissa.gardizy@globe.com. Follow her on Twitter @anissagardizy8 and on Instagram @anissagardizy.journalism.