Information at a Glance for Travelers

The Steamship Authority was hit with a debilitating ransomware attack early Wednesday morning that reverberated across operations for the lifeline to the Islands, crashing the website, halting vehicle reservations and crippling internal communication systems.

By Thursday morning — more than 24 hours after the cyber attack — SSA staff were still scrambling to assess the impacts, with all website, reservation, email and other communication systems down and no immediate timeline for recovery.

An early Friday morning update on the SSA’s temporary website said impacts would continue for the third consecutive day. In a second update that went out midday Friday, SSA spokesman Sean Driscoll said that the boatline had established a new, temporary website with fare, schedule and parking information. 

"At this point we are unable to release any further details," Mr. Driscoll wrote in the most recent update.

Steamship Authority officials and a Coast Guard spokesman confirmed that local, state and federal law enforcement agencies, including the Federal Bureau of Investigation, had been briefed on the attack. The FBI was taking the lead on the investigation, according to Coast Guard spokesman Amanda Wyrick, who spoke to the Gazette by phone Wednesday. Boats were running on schedule Wednesday and Thursday, with minor delays, but little else was normal with the SSA’s landside operations. Customers were asked to use cash at ticket terminals, with only limited credit card processing available. Manual, hand-written carbon copy receipts were being provided to vehicle passengers with prior reservations, which are being honored.

All other customers without a vehicle reservation are required to travel standby until further notice, according to SSA communications director Sean Driscoll. With the website down, vehicle reservations cannot be scheduled either online or over the phone. Cancellation fees are being waived.

“We can’t make or change reservations,” Mr. Driscoll said. “Anyone who wants to travel without a reservation will have to do so on standby.”

In a brief phone interview Thursday, Mr. Driscoll said after the cyber attack crippled online services, the SSA instituted storm protocols already in place in the event of a loss of power and communications, quickly transitioning to manual operations.

“We have procedures in place in case we lose communications,” Mr. Driscoll said. “We treated this as a hurricane, just a different variety.”

On Thursday the SSA was still in the throes of the fiber-optic storm.

Mr. Driscoll said he could share few internal details about the cyber attack and that the response was ongoing. He confirmed that it was a ransomware attack that occurred sometime early Wednesday morning, but could not provide further information regarding the extent or origin of the attack. No timeline was available for how long the website and reservation systems would be down.

“I’m not going to put any dates out there right now. There’s still too much happening,” Mr. Driscoll said.

Mr. Driscoll said the response was being handled at the executive level by general manager Bob Davis, as well as Curt Van Riper, who runs the SSA information technology department, and other employees involved with scheduling and ticketing. He said the SSA had brought in consultants, as well as law enforcement, to assist in the response. Attorneys and insurance personnel were also involved, he said.

“We’re working with our internal IT team. We have third party vendors that we’re working with, as well as teams from law enforcement,” Mr. Driscoll said. “So there are multiple teams inside and outside the building that are working on this.”

Despite the widespread system problems, Mr. Driscoll said no customer credit card information had been compromised, because that information is not stored on the website, nor are vehicle identification numbers.

The boat line website went down early Wednesday morning, displaying various temporary home pages and error messages throughout the day.

A 9:30 a.m. statement from Mr. Driscoll confirmed the ransomware attack and said boat line operations could be disrupted and delayed, indicating that the SSA email server was down with further updates expected.

Attacks from ransomware — a form of malware that threatens to publish the victim’s data or perpetually block access to it unless a ransom is paid — have become increasingly common across the country, with separate attacks disrupting everything from university operations, to the meat industry to gas pipelines throughout the American South. Victims have had to pay a monetary ransom to regain control of their data.

On Thursday, national news outlets reported that the Biden administration had issued a rare open memo to business leaders across the country urging protection against ransomware attacks, saying that the threats were serious and increasing across all sectors.

The wide-ranging fallout from the SSA attack became clearer as Wednesday progressed, with Mr. Driscoll releasing a flurry of short press updates and posting various information to social media. Regional and national news outlets picked up the story.

The Coast Guard emphasized that the attack did not affect vessel safety or the safety of travelers.

Boats ran mostly on schedule, but the ticketing system was changed over to paper, with cash preferred for monetary transactions.

The broader extent of the attack still remains largely unclear.

Reached by phone Thursday, Vineyard SSA governor Jim Malkin declined to comment because of the sensitivity of the issue, but said that board members had been individually briefed on the situation.

At boat line terminals there was relative calm, with ferry attendants checking customers onto boats manually and accepting paper tickets from drivers.

“We had a major cyber attack and we didn’t cancel a single boat yesterday,” Mr. Driscoll said Thursday. “I feel great about that.”