Another Texas-based government institution may have fallen victim to ransomware actors. According to a reliable source, the cybercriminals behind the malicious encryptor NetWalker have published online evidence of an attack on Trinity Metro, a transit agency that operates bus and commuter rail transportation services in Fort Worth and its nearby Tarrant County suburbs.
Trinity Metro is responsible for 8 million passenger trips annually, the agency's website states.
"Due to a technical issue we experienced this morning, all of our phone lines are down including our customer service line and ACCESS booking system," Trinity Metro said in a July 1 website notification. The agency advised passengers to call a special phone number of send a message via Facebook if they have an ACCESS trip scheduled while the system is down or if they need to schedule future travel.
The agency sent a similar tweet as well, and followed it up later in the day, noting that "Our IT team is working tirelessly to resolve the issue that brought our phone lines down earlier this morning."
The post on NetWalker gang's dump website lists more than 200 Trinity Metro folders containing information that was apparently exfiltrated from the agency before its systems were disrupted. This development is in keeping with a recent strategy adopted by certain ransomware extortion groups: to not only encrypt files and incapacitate business systems, but also steal data and threatening to publish it if they do not receive payment.
Examples of Trinity Metro's stolen folder names, which offer a hint of the content inside, include "Accounting and HR Shared," "Daily Operations Documents," "Planning Documents," and "Security."
On May 14, the Texas Department of Transportation was struck with a ransomware attack that researchers have now attributed to a newly discovered ransomware called Ransom X. Less than a week earlier, the Texas Office of Court Administration, the IT provider for the appellate courts and state judicial agencies within the Texas Judicial Branch, disclosed that a ransomware attack had impacted the branch's network.
And last August, a coordinated ransomware attack hit the systems of 22 small towns in Texas.
SC Media has reached out to Trinity Metro for comment and for confirmation of attack.