The Steamship Authority continues to reel from a ransomware attack on June 2 that penetrated its land-based computer systems. The cyber-attack sank the ferry line’s reservation system and website, and sent the terminals back to the analog era of pen and paper.
In the days since the attack, ferry passengers have been asked to purchase tickets with cash, and have mostly been at the mercy of standby to get on and off the Island. On Tuesday, the ferry service began taking new reservations at its Mashpee call center, and can now take them at terminals, as well.
The FBI is the lead law enforcement agency in the investigation, according to the U.S. Coast Guard. The Massachusetts State Police Cyber Security Unit and local authorities are also involved. In a release Wednesday, SSA spokesman Sean Driscoll said, “Our investigation into this incident is ongoing, and with the assistance of third-party cybersecurity and forensic investigators, we are working to determine the full nature and scope of the event. We will continue to provide updates as appropriate.”
While the SSA has given several updates about service and what has been restored — telephone reservations at the Mashpee reservation office on Tuesday, for instance — it has been extraordinarily reticent regarding details of the attack and the investigation into the attack.
On Wednesday, the seventh day after the attack, the SSA announced reservations could be made in person at any one of its five ferry terminals. Online reservations remain hobbled, however.
“At this time, the terminals are only making reservations for Islander preferred spaces, which are available to seasonal and full-time Island residents only, and for travel related to medical appointments,” Driscoll wrote. “All other new reservations or changes to existing reservations for either vehicles or passengers on our fast ferry should be made by calling the reservation office [508-477-8600]. The reservation office is currently accepting reservations for travel through June 16, 2021. If any segment of your travel or planned travel occurs between those dates [June 9-16], you may now call the reservation office. We will start accepting requests for reservations for travel beyond those dates in the near future.”
Driscoll noted the Mashpee office will be open 7 am to 6 pm through Friday.
Alison Roche, a part-time resident of Oak Bluffs, told The Times she was pleased with the SSA’s service, despite the problems it was dealing with. Roche said her daughter had been very sick, and needed to get off-Island to see her doctor. She was so sick, Roche said, she couldn’t hold down food.
“Walking on the ferry wasn’t a possibility,” Roche said. “We needed to drive off.”
Roche said she was “shocked” her call was answered on the first ring. She was told that to get a reservation, medical or otherwise, she needed to go to the terminal in person.
When she got there, she found no lines, and got a reservation, she said.
A staffer first told Roche it might be dicey to get her and her daughter on the next boat, but when she explained it was a medical emergency, “he said, Sure, pull right up, I’ll take you right now.”
Roche praised the SSA. “It was excellent service,” she said. “They had my daughter’s best interest at heart.”
The SSA is honoring existing reservations, and waiving cancellation fees during the crisis: “Scheduled trips to and from the islands continue to operate safely as scheduled, although some delays in the ticketing process may occur. We will continue to work to accommodate customers as soon as possible who need to travel for an urgent medical need. Some credit card access is now available at terminals and parking lots, but the use of cash will help speed the process of completing the transaction.”
In a statement to The Times, the Boston FBI office declined to comment, based in part on a philosophy of shielding the victim: “We cannot comment on specific incidents because victims should feel confident that when reporting a crime to the FBI, their status as ‘victim’ is paramount to the investigation, and that their identity will not be disclosed. If a victim wants to disclose our involvement, we leave it up to them to do so. Generally speaking, ransomware continues to be a persistent threat.”
The Boston Division of the FBI has received “at least two to three reports a week from new victims,” and believe the actual rate of infection is much higher than what is reported, according to the statement: “In calendar year 2020, there were more than 90 reports of ransomware infections in FBI Boston’s area of responsibility.” The FBI stated in most of these ransomware cases, the initial attack vector is overwhelmingly one of two scenarios.
- A spear-phish email or phishing campaign.
- An attack on the victim’s RDP services. RDP stands for remote desktop protocol, and is often left open to users seeking to connect to the computer’s graphical user interface.
The agency took the position that ransomware victims shouldn’t give in to demands.
“The FBI encourages ransomware victims to not pay a hacker’s ransom demand,” the agency stated. “This is because payment 1) encourages continued criminal activity, 2) there is no guarantee the hacker will decrypt a victim’s files, and 3) affected files can sometimes become corrupted from encryption, thereby rendering them unrecoverable.”
For further tips on ransomware and how to report an attack by it, the agency provided a link,