FBI, police investigating following extended ‘network outage’ at organization that runs TheBus

HONOLULU (HawaiiNewsNow) – The city confirms that the organization that runs TheBus is working with the FBI and Honolulu police to investigate a “network outage,” but Hawaii News Now has learned an international cybersecurity company is calling it a ransomware attack.

Monday was the third day of the outage at Oahu Transit Services.

International cybersecurity firm Falcon Feeds said on social media that OTS fell victim to DragonForce, a ransomware ring that operates out of Malaysia.

While TheBus and TheHandi-Van are still running, their websites are down.

In a statement, OTS said its network went down at approximately 1 a.m. Saturday.

“Oahu Transit Services’ (OTS) online services including the www.thebus.org website, HEA, and related real-time transit and GPS apps are currently unavailable,” the statement said.

“OTS is currently working on restoring all systems for TheBus and TheHandi-Van, and is investigating the cause. Passengers may experience delays in service today, Saturday, and we apologize for any inconvenience to our riders,” the statement continued.

Former HPD Deputy Chief John McCarthy said the outage certainly sounds like a ransomware attack — “so someone else is taking control of their system, at least in part, if not in full and controlling data and keeping it down, asking for some sort of ransom.”

“The information is unavailable, it’s apparently been locked down. You see it happen over an extended period of time because the company that owns that site is trying to buy time to think whether to pay the ransom, work out some sort of deal,” he added.

Associate Professor Debasis Bhattacharya is the director of the Center for Cybersecurity Education and Research at UH’s Maui College. He said the extended outage is “not a good sign.”

“They probably mean that there is a cyber attack or some cyber incident,” said Bhattacharya.

In December 2021, a ransomware attack shut down Oahu Transit Services computer systems. Back then, law enforcement sources said hackers had been in its system at least two weeks.

“Transportation has been targeted before and it’s actually a big target of our cyber enemies, including other critical infrastructures like wastewater plants, and power grids, and hospital systems, the community hospital system, so it’s a well-known target,” said Bhattacharya.

Also in 2021, the Honolulu Board of Water Supply shut down its time and attendance system after that system, Kronos, reported a cyberattack.

“The cybersecurity infrastructure security agency, or CISA, which which governs Hawaii, and region 9 has specifically stated that China or the People’s Liberation Army has, has targeted Hawaii and other states for our critical infrastructure,” said Bhattacharya.

Last month, an abrupt closure caused a disruption for thousands of patients at Malama I Ke Ola Health Center in Wailuku after what the community health center called an “IT security issue.”

And last year, UH negotiated to resolve a ransomware attack on Hawaii Community College.

Copyright 2024 Hawaii News Now. All rights reserved.