LA Metro spotted unauthorized network activity on March 16 and started shutting things down. Smart move. The problem: they’re still bringing things back two weeks later.

The agency is checking roughly 1,400 servers individually before restoring each one. As board member Fernando Dutra put it: “We’re a beast. Before we can turn the water spigot back on, we have to go through and check each one of these servers.”

Good news: trains and buses never stopped running. Whatever got hit was administrative, not the operational tech that moves people. Either Metro got lucky or their network segmentation did its job.

The WorldLeaks ransomware group claims credit and says it grabbed 160GB. Metro hasn’t confirmed any of that and says they still don’t know who’s behind it or what data was targeted.

LA Metro joins a growing list of California public agencies that have been hit: LA County courts, UCLA, San Bernardino County (which paid $1.1M in ransom), and LAUSD. Big, complex, underfunded IT infrastructure makes a tempting target every time.


The full story on Metro’s slow-motion recovery