The hackers demanded $ 3.7 million in “ransom” from the Montreal transport company; The STM says it won’t pay


MONTREAL – Hackers demanded US $ 2.8 million from the STM in their recent cyberattack, the transit company said today, 10 days after the attack took its website offline. The STM said it was not paying the “ransom,” which was demanded in exchange for the release of encrypted servers.

“The STM maintains its decision not to follow up on this request,” she said in a statement Thursday, after finally making contact with the hackers.

The amount they demanded is just over $ 3.7 million Canadian.

The attack came as a result of a phishing email, according to the STM – an unsuspecting employee likely clicked on a link containing malicious malware, called RansomExx.

The same ransomware has been used in several large-scale attacks in the United States over the summer, including the Texas Department of Transportation.

A thousand of the 1600 STM servers were affected by the attack, including 624 “operationally sensitive” servers, according to its press release.

“Seventy-seven percent of these have already been recovered, thanks to the hard work of our IT teams,” said the STM.


The transport authority maintained that no data was stolen during the attack. But it may be too early to know if this claim is true, experts say.

“I wouldn’t be surprised if in a few months, somewhere on the dark net, you see an active store of information stolen from the STM,” said Steve Waterhouse, former head of information systems security for Defense. national, in an interview with CTV News.

“In most of these ransomware attacks recently,” he said, hackers “come in and stay inside as a persistent threat, document everything, grab a few crisp files and escape.”

It was only then that the hackers “set up a smokescreen” creating the illusion of a ransomware attack, he said.

“They ask for the ransom in the first row, then come back later and ask for a second ransom,” he said.

“They have the files that they can show the company and say, ‘If you don’t want them distributed over the Internet, let’s talk… business’.”


The attack on October 19 had serious consequences beyond the closure of the STM website.

It also shut down the system’s paratransit reservation system for over a week, leaving a lot of mobility issues stuck. This service has since been restored, according to the STM.

The overtime and bonus pay system was also briefly affected, but the STM said it had managed to pay its 11,000 employees almost normally.

Even today, the Center-Ouest de Montréal health district announced that it had also been the victim of a cyberattack and had to temporarily deactivate several of its online systems to maintain data security.


Please enter your comment!
Please enter your name here