Metro Vancouver’s Transit System Pwned By Ransomware

Metro Vancouver’s transit system has admitted that it was pwned by ransomware, with the bad actors demanding payment and threatening to publish the data otherwise. Here’s what Global News had to say:

Global News has obtained the ransom letter sent to TransLink amid “suspicious network activity” this week that has caused several major problems across the transit system.

TransLink CEO Kevin Desmond confirmed the attack in a media release late Thursday.

And:

Sources inside TransLink say the belief is the attacker is a high-profile hacker who is responsible for a number of similar attacks in the U.S. They believe this may be the attacker’s first successful foray into Canada.

The letter includes instructions for administrators to contact the ‘Egregor’ website using the anonymous browser Tor.

The Egregor ransomware reportedly surfaced in September, and made headlines with attacks on Barnes & Noble and Ubisoft.

The transit authority will not pay the ransom, which is the best move, as you should never pay these scumbags. But the attack is affecting their payroll system. Their fare payment systems and some other online systems were also affected.

I would be interested to see what the transit authority does in regard to this incident. Seeing as they aren’t paying the ransom, and they have also brought in a digital forensics team, which he described as the “CSI squad of computers”, this might act as a template for how to handle incidents like this in the future.

UPDATE: David Masson of Darktrace had this to say on the Metro Vancouver ransomware attack:

“This ransomware attack against TransLink is another wake-up call for transportation authorities that they cannot rely on humans alone to respond to fast-moving cyber-attacks.

Security teams are now outpaced by the speed of today’s malware and require autonomous technology that understands what constitutes an attack, in the heat of the moment – and stops the attack without a human in the loop. Many transportation companies across North America now use AI to respond to ransomware, and similar high-speed attacks, employing technology called Autonomous Response. The AI detects early warning signs of a threat actor trespassing inside computer networks and is able to mount a targeted defense in a matter of seconds, before the ransomware can spread.

Ransomware continues to be one of the most prevalent attack types that Darktrace AI responds to on a weekly basis.”
