Prasarana has confirmed that it has experienced a cyberattack. The company did not provide in-depth details regarding the attack but said that it involved unauthorized access to some of its internal systems.
According to its press statement, Prasarana’s internal cybersecurity team is currently handling the situation. The company is also working with external cybersecurity experts together with National Cybersecurity Agency (NACSA) and CyberSecurity Malaysia to investigate the incident and implement mitigation measures.
Despite the cyberattack, Prasarana said that this incident does not affect its daily operations. Meanwhile, several cybersecurity observers have said the attack on Prasarana may have involved ransomware.
Over 300GB of Prasarana’s data might be affected
One such platform is FalconFeeds.io which noted that Prasarana may have been attacked by a ransomware gang that called itself RansomHub. The About section of the group’s darknet site stated that RansomHub consisted of hackers from all over the world and solely driven by money.
In other words, RansomHub is a ransomware-as-a-service outfit. That being said, the group has said it will not attack certain entities including the Commonwealth of Independent States (CIS), Cuba, North Korea, China, non-profit hospitals, and selected non-profit organisations.
RansomHub has also put up a countdown timer for Prasarana files on the homepage of its darknet site which seems to signal that the company may have around 6 days to respond. In addition to that, the timer also noted that there was 316GB of data involved in the attack.
If the claim by RansomHub is true, then this is not the first time that Prasarana has fallen victim to a ransomware attack. This is because the company apparently encountered a similar attack last year which affected the MRT Putrajaya line although the tweet that acknowledged the ransomware incident was quickly deleted.