Cyber Incident Victim: Massachusetts Steamship Authority
Date:
Jun 2021
Location:
United States of America
Summary
The Steamship Authority, Massachusetts' largest ferry service, experienced a ransomware attack disrupting ticketing, reservations, and credit card processing systems, though vessel operations and safety-critical systems like radar and GPS remained unaffected. Customers faced delays and were advised to use cash due to limited electronic payment availability, while online and phone reservation services became temporarily inoperable. The incident occurred amid a broader wave of ransomware attacks targeting U.S. entities, with officials indicating potential links to Russian-based threat actors and high-level governmental discussions planned to address the escalating cyber threats.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On June 2, 2021, the Steamship Authority—Massachusetts’ largest ferry service operating routes to Martha’s Vineyard and Nantucket—experienced a ransomware attack disrupting critical reservation and ticketing systems. The organization confirmed the incident publicly on Wednesday, June 3, clarifying that vessel operations, including radar and GPS functionality, remained unaffected, allowing scheduled trips to continue with potential ticketing delays. Immediate operational impacts included the unavailability of online and phone reservation services, preventing customers from booking or modifying travel plans digitally or by telephone. Credit card processing systems were severely limited at terminals and parking facilities, prompting the Steamship Authority to advise customers to use cash for transactions. Internal teams collaborated with local, state, and federal officials to investigate and remediate the attack, though full service restoration remained incomplete by Thursday, June 3. The disruption persisted for at least two days, with no public confirmation of whether threat actors exfiltrated data or issued ransom demands.
The incident occurred amid a surge in high-profile ransomware attacks against U.S. infrastructure and supply chains in May and June 2021, including the Colonial Pipeline shutdown by DarkSide and the JBS meat processing disruption by REvil. U.S. officials attributed these attacks to Russian-based cybercriminal groups, prompting the Biden administration to announce plans to address ransomware threats directly with Russian President Vladimir Putin during the June 16 Geneva summit. The Steamship Authority’s response prioritized maintaining ferry operations while mitigating financial transaction bottlenecks through cash-based workarounds. No customer safety risks or vessel navigation impairments were reported, though the prolonged ticketing system outage created logistical challenges for travelers. Recovery efforts focused on restoring credit card processing and reservation platforms, with no disclosed timeline for full operational normalization at the time of reporting.