The Steamship Authority did not pay a ransom after a cyber attack shut down the boat line’s IT and communications systems for more than a week in early June, general manager Bob Davis said Tuesday.
In a prepared statement provided at Tuesday’s meeting of the SSA governors, Mr. Davis provided only scant details about the incident, saying that the majority of customer-facing technology was back up and running and that a law enforcement investigation headed by the FBI remains ongoing.
But Mr. Davis confirmed that the boat line did not pay any money to the hackers after the ransomware attack.
“This incident was a criminal act. And we continue to work with law enforcement, as part of our ongoing investigation,” Mr. Davis said, reading from his prepared statement. “Although that investigation is ongoing, we do want our customers and public to know that the Steamship Authority did not pay a ransom, or engage with the cyber criminals.”
Tuesday’s rescheduled meeting was the first public appearance for boat line governors and senior managers in the aftermath of the attack. The regularly scheduled board meeting had been moved from last week.
Other than brief operational updates, the boat line has provided almost no information about the incident since it occurred on the morning of June 2. On Tuesday, Mr. Davis praised staff for keeping boats running throughout the attack, and said the safety of vessels was never compromised.
“The Steamship Authority takes the security of information technology systems seriously, and we are actively working with a third party cybersecurity forensic investigators, as well as law enforcement to determine the full nature and scope of the event,” Mr. Davis read from his statement.
Pressed by governors for more details on the incident, Mr. Davis stuck mostly to his prepared statemement. He declined to confirm whether customer data had been compromised in the attack.
“There’s been a lot of concern . . . about our inability to provide more detail,” Vineyard governor James Malkin said. “And I understand that while we’re working with insurance companies and the FBI and forensic software people that we can’t give away information that could be harmful to our customers. Having said that, is it fair to say . . . no customer data was taken from us?”
Boat line spokesman Sean Driscoll said previously that the SSA does not store customer credit card information. But Mr. Davis was more circumspect.
“At this time, we continue to work with the law enforcement, as well as the third party cyber security forensics investigators on all elements of this incident, and will continue to ensure that once information is available in that regard, we’ll be able to make that public,” he said.
Falmouth governor Kathryn Wilson and Mr. Malkin both pressed Mr. Davis.
“Are you saying that you can’t say one way or the other whether any customer data was taken?” Ms. Wilson asked.
“Until the investigation is completed by the law enforcement and our cyber security firm . . . ” Mr. Davis replied.
In his statement, Mr. Davis said most key customer-facing functions had returned to normal, including credit card and online reservation systems. After the attack travelers without vehicle reservations could only use standby, paying with cash at terminals.
Mr. Driscoll said in a follow-up email Tuesday that eFerry tickets and multiride cards are still not functioning more than three weeks after the incident occurred.
Mr. Davis continued to stay tight-lipped about when questioned by reporters near the end of the two-hour meeting Tuesday, citing the ongoing investigation. He declined comment on the origin of the attack, whether a ransom was requested, or the amount of the ransom.
He also declined to provide the name of the third-party cyber security firm contracted by the SSA.
He said the boat line was able to get its website up and running in a week through backups, although he could not provide details on the process. And he thanked staff for piecing together operations manually after internal communications systems, including email, went down on June 2.
“Thanks to our IT group, in terms of being able to utilize backups . . . we were able to get the systems up and running,” Mr. Davis said. “Being able to be up and running in the timeframe that they were is remarkable. And I’ll leave it at that.”
A form of malware that blocks data until a monetary payment is paid, ransomware attacks have become increasingly common in recent months, hitting everything from vital infrastructure to the meatpacking industry nationwide. The origin and nature of the incident, as well as the requested ransom, have been reported on in detail for other attacks.
In other business Tuesday, governors approved a licensing agreement request from Plymouth and Brockton bus line to use the Woods Hole terminal to run service to TF Green airport in Providence and Boston Logan airport. The bus line proposed running two trips to Providence daily, and seven trips to Boston.
After significant discussion, governors voted unanimously to allow the license on a trial basis. Mr. Davis also said the boat line would approve a similar licensing arrangement for the Peter Pan bus line, which runs service to Boston Logan airport as well.
SSA treasurer Mark Rozum gave an update on advance summer reservations for automobiles, which are up approximately 11 per cent over 2019, and up 14 per cent increase in July and a 40 per cent in September. August numbers are relatively flat, according to Mr. Rozum.
In a moment of irony, Mr. Driscoll also provided an update on the project to redesign the SSA website. An RFP for the project, which will cost between $1 and $2 million, was put out on June 1 — one day before the ransomware attack.
Mr. Driscoll said bids are due August 16, with a recommendation for the board expected by October.
“My celebration party on June 2 got cut short, obviously,” he quipped.
Comments (7)
Comments
Comment policy »