fb-pixel Skip to main content

Ransomware attack disrupts Steamship Authority’s payment systems, website

Passengers make their way to the Martha’s Vineyard ferry after the Steamship Authority was hit by a ransomware attack.
Passengers make their way to the Martha’s Vineyard ferry after the Steamship Authority was hit by a ransomware attack.Jessica Rinaldi/Globe Staff

The Steamship Authority, which runs ferry service to Martha’s Vineyard and Nantucket, said Wednesday that it had been hit with a ransomware cyberattack that continued to affect its payment systems and its website throughout the day.

The authority said that customers “may experience some delays,” but it confirmed just after noon that all ferries were operating. It said it would continue to work with local, state, and federal officials to address the incident, but was “unable to release or confirm specific details of what occurred.”

“There is no impact to the safety of vessel operations, as the issue does not affect radar or GPS functionality,” the authority wrote in a Twitter thread. “Scheduled trips to both islands continue to operate, although customers may experience some delays during the ticketing process.”

Advertisement



The ferry operator said access to credit card systems to process vehicle and passenger tickets and parking lot fees was limited,” so it was encouraging customers to use cash. It also said customers were “unable to book or change vehicle reservations online or by phone,” adding that rescheduling and cancellation fees would be waived.

As of 6:30 p.m., the website was not accessible. The Steamship Authority said it expected ticketing would continue to be disrupted on Thursday.

Michael Tonello, co-owner of the fashion boutique Respoke, was looking out of the window of his shop on the Nantucket wharf Wednesday morning and noticed that a ferry remained docked for longer than usual.

“Usually the boats pull in with a full cargo of passengers, they unload, and then they reload . . . It runs almost like a commuter train, going back and forth” he said. “It was sitting there all morning. It is a little bit concerning.”

At noon, he heard a whistle that typically sounds before a ferry departs, and peered out the window again.

Advertisement



“There it goes; the Eagle is now leaving,” he said. “There are people on it; it is departing right this second.”

Around the same time, the Steamship Authority posted schedules for Martha’s Vineyard and Nantucket on Twitter, indicating it would continue sharing schedule information via social media. A spokesperson for the authority could not be reached for comment.

The authority did not say whether it had paid the hackers to release any data.

News of the ransomware attack came on the heels of several high-profile attacks on US companies. In such attacks, hackers often encrypt key files on an organization’s computer network and demand payment to release them.

On Tuesday, the White House said the world’s largest meat processor, JBS, had been hit by a ransomware attack that officials believe was initiated by a criminal group from Russia. Weeks earlier, drivers were lining up outside gas stations in the Southeast after hackers forced the nation’s largest fuel pipeline to temporarily shut down.

Charlie Gero, chief technology officer of Akamai Technologies’ security division, said the recent incidents show that cyber defenses at many companies are “not yet at the level they need to be.” He said the Cambridge software firm expects such attacks to increase in frequency.

“The Internet is not just the technology that powers social media and memes; critical infrastructure is increasingly reachable online,” he said in an e-mail. “This should serve as an incentive for all companies to audit their internal security practices and measures to ensure they are doing everything they can [to] not be the next headline.”

Advertisement





Travis Andersen can be reached at travis.andersen@globe.com. Follow him on Twitter @TAGlobe. Anissa Gardizy can be reached at anissa.gardizy@globe.com. Follow her on Twitter @anissagardizy8.