Metro Vancouver transit system hit by ransomware attack


Metro Vancouver’s transit system is the latest victim of a ransomware attack.

Global News this week obtained the ransom letter sent to TransLink amid “suspicious network activity” that caused several major problems in the transit system.

TransLink CEO Kevin Desmond confirmed the attack in a press release Thursday night.

Ransomware is a type of malicious software that locks down a computer network or steals data. Attackers demand a ransom in exchange for unlocking the system or returning the data.

“Your network has been ATTACKED, your computers and servers have been LOCKED, your private data has been UPLOADED,” the letter read.



“If you do not contact us within the next three DAYS, we will begin posting the DATA.”


The letter seen by Global News does not specify the amount of the ransom, but goes on to claim that recovering data and systems without paying the ransom will cost “hundreds of millions” of dollars.

Sources inside TransLink claim that the attacker is a high-level hacker responsible for a number of similar attacks in the United States. They believe this may be the attacker’s first successful foray into Canada.

The letter includes instructions for administrators to contact the “Egregor” website using the anonymous Tor browser.

The Egregor ransomware reportedly surfaced in September and made headlines with attacks on Barnes & Noble and Ubisoft.


Sources tell Global News that the attack started with a successful phishing email.

The transport agency is taking a stance that it will not give in to the ransom demand, sources told Global News.

The attack could also affect payday, which is Friday, for TransLink employees.

Sources tell Global News that the company’s payroll operations are down.

Employees will still be paid, but through a cash advance at 65 percent of their regular salary and without payroll deductions, sources said.

In his statement, Desmond said TransLink “strives to resume normal operations as quickly and safely as possible.”

He said the agency was conducting a forensic investigation and that TransLink did not store any customer fare payment data.

Compass vending machines and fare gates resumed accepting credit and debit card payments on Thursday afternoon, he said.

Various online services, including the Trip Planner tool, remained disabled Thursday evening.

“We’re sharing as much as we can at this point given that this is an active investigation,” Desmond said.

“We believe it is important to keep our customers and employees as informed as possible under the circumstances. We are also sharing this update to alert other organizations to the dangers of this ransomware attack.”


Earlier today, Desmond said the transportation agency acted to isolate the systems as soon as it realized there had been a breach.

Dominic Vogel, chief security strategist at Cyber.SC, told Global News on Thursday that it is important to note that TransLink has hired a digital forensics team, which he described as “the CSI computer squad.”

“This type of incident, although it does not affect the general public or the goodwill of TransLink, could end up affecting the employees there,” he added, because there would be sensitive information on those who work at the company stored in databases.

“If you look at all the big data breaches or security incidents over the past 20, 25 years that end up being just a minor speed bump, that’s when [the companies] were very transparent,” added Vogel. “So rather than using terms like ‘suspicious activity,’ it’s very vague… I would prefer them to be very specific with the facts. For me, the right playbook is to say, ‘actually this is what we know, this is what we don’t know, this is what we are working on to try to identify.’”

He said the organization should not lose control of the narrative.


Although officials still don’t call it a hack, a source told Global News that the entire database was breached on Monday evening.

Sources inside TransLink told Global News on Wednesday that the phones are out of order, the buses’ radio system has been down for more than 24 hours, drivers cannot access an online portal for employees and some tasks are being performed manually.

TransLink said it was limited in the information it could share, “given that this is an active investigation involving law enforcement authorities.”

Public transit systems are still operating regularly, without any impact on schedules.

Metro Vancouver Transit Police said an investigation has been opened involving local and national cybercrime experts.

© 2020 Global News, a division of Corus Entertainment Inc.

