Ransomware attack paralyzes Vancouver public transportation agency

Customers left unable to buy tickets or use travelcards for two days

TransLink, the public transportation agency for Vancouver, Canada, has become the victim of a ransomware attack that has left residents of the city unable to use their Compass metro cards or pay for new tickets via the agency's Compass ticketing kiosks.

The attack took place on Tuesday, but the agency initially passed it off as a prolonged technical issue. However, reporters at local radio station CITY NEWS 1130 found out what had happened and forced the organization to admit the attack took place.

"We are now in a position to confirm that TransLink was the target of a ransomware attack on some of our IT infrastructure," TransLink CEO Kevin Desmond said in a statement to the radio station.

“TransLink does not store fare payment data. We use a secure third-party payment processor for all fare transactions, and we do not have access to that type of data.”

Desmond didn’t reveal the ransomware’s name but confirmed the hackers printed a demand note on the agency’s printers. 

“Your network was attacked, your computers and servers were locked,” the note read. Printing these notes on an organization’s printer is a tactic used by the Egregor ransomware.

Services were restored Thursday afternoon.

Sam Curry, chief security officer at Cybereason, told ITPro that these types of attacks are increasing against public and private sector companies, but there’s a silver lining.

According to Curry, “The silver lining is that there are fewer strains of ransomware in the wild and the good guys or defenders have more than a fighting chance to turn the tables on the cyber adversaries. And good for TransLink for eventually owning up to the fact it was a ransomware attack. Honestly, they should have come clean at the outset, shared as much information as possible and assured customers they were doing everything humanly possible to restore transportation services to normal.”

Stuart Sharp, VP of technical services at OneLogin, told ITPro that it’s fortunate that TransLink doesn’t store any financial information, so citizens’ financial data wasn’t at risk in the attack.

“It goes to show that any organization where an IT system plays a crucial role in running services is at risk from ransomware attacks, not just organizations that store sensitive data,” Sharp said.

Javvad Malik, security awareness advocate at KnowBe4, said ransomware operators are more focused and targeted in their attacks.

“They tend to spend more time within an organization before deploying ransomware. This allows them to not only steal data that they can use to further blackmail the organization or its customers with but also to identify which data and systems to encrypt with ransomware for maximum impact,” he said.

Malik added that it's essential for organizations to have controls in place to prevent ransomware from gaining access, through a layered security strategy that combines technical controls with security awareness training for employees.
