Cyber Incident Victim: Cape Cod Regional Transit Authority

Date: May 2022

Location: United States of America

Summary

A ransomware attack targeted the Cape Cod Regional Transit Authority during Memorial Day weekend, encrypting server files and disrupting communication systems. Staff received an email notification of the encryption but did not engage with the attackers, whose demands remained unknown. The organization contacted federal and state law enforcement, including the FBI, who are investigating the incident. While fixed-route bus services continued unaffected, the Dial-a-Ride Transportation system temporarily shifted to manual scheduling instead of its digital platform. IT teams implemented measures to maintain operational continuity, preventing significant service interruptions, and recovery efforts were ongoing with authorities affirming the response as appropriate.

Description

The Cape Cod Regional Transit Authority (CCRTA) experienced a ransomware attack during Memorial Day weekend in late May 2022, specifically impacting its servers and communication systems. The incident was detected on Monday, May 30, when staff received an email notification that files on their servers had been encrypted, rendering them unreadable. Ransomware typically involves attackers demanding payment to restore access, but CCRTA Administrator Tom Cahir confirmed staff did not engage with the perpetrators, leaving their specific demands unknown. The agency promptly involved federal and state law enforcement, including the FBI and Massachusetts State Police, who initiated an investigation into the attack’s origins. CCRTA’s IT team implemented immediate containment measures to maintain operational continuity while isolating affected systems.

The attack disrupted CCRTA’s Dial-a-Ride Transportation (DART) service, which relies on an onboard digital communication system to schedule rides electronically. DART temporarily shifted to manual route mapping to sustain operations, requiring staff to coordinate bookings without automated tools. Despite this adjustment, both DART and the agency’s fixed-route hourly bus services continued running without major interruptions. Cahir emphasized that no passenger transportation schedules were canceled, crediting staff efforts to mitigate impacts. Recovery efforts remained ongoing as of June 13, with officials working to restore encrypted systems and full digital functionality. Law enforcement authorities affirmed CCRTA’s response aligned with recommended protocols, though no timeline for full recovery or attribution of the attack was disclosed in available reports.
