Ransomware attack paralyzes Vancouver public transportation agency

Customers left unable to buy tickets or use travelcards for two days

Ransomware on a red screen

TransLink, Vancouver, Canada's public transportation agency, has become the victim of a ransomware attack that has left residents of the city unable to use their Compass metro cards or pay for new tickets via the agency's Compass ticketing kiosks.

The attack took place on Tuesday, but the agency initially passed it off as a prolonged technical issue. However, reporters at local radio station CITY NEWS 1130 found out what had happened and forced the organization to admit the attack took place.

"We are now in a position to confirm that TransLink was the target of a ransomware attack on some of our IT infrastructure," TransLink CEO Kevin Desmond said in a statement to the radio station.

“TransLink does not store fare payment data. We use a secure third-party payment processor for all fare transactions, and we do not have access to that type of data.”

Desmond didn’t reveal the ransomware’s name but confirmed the hackers printed a demand note on the agency’s printers. 

“Your network was attacked, your computers and servers were locked,” the note read. Printing these notes on an organization’s printer is a tactic used by the Egregor ransomware.

Services were restored Thursday afternoon.

Sam Curry, chief security officer at Cybereason, told ITPro that these types of attacks are increasing against public and private sector companies, but there’s a silver lining.

According to Curry, “The silver lining is that there are fewer strains of ransomware in the wild and the good guys or defenders have more than a fighting chance to turn the tables on the cyber adversaries. And good for TransLink for eventually owning up to the fact it was a ransomware attack. Honestly, they should have come clean at the outset, shared as much information as possible and assured customers they were doing everything humanly possible to restore transportation services to normal.”

Stuart Sharp, VP of technical services at OneLogin, told ITPro that it’s fortunate that Translink doesn’t store any financial information, so citizens’ financial data wasn’t at risk in the attack. 

“It goes to show that any organization where an IT system plays a crucial role in running services is at risk from ransomware attacks, not just organizations that store sensitive data,” Sharp said.

Javvad Malik, security awareness advocate at KnowBe4, said ransomware operators are more focused and targeted in their attacks.

“They tend to spend more time within an organization before deploying ransomware. This allows them to not only steal data that they can use to further blackmail the organization or its customers with but also to identify which data and systems to encrypt with ransomware for maximum impact,” he said.

Malik added it's essential that organizations have controls in place to prevent ransomware from gaining access via a layered security strategy that includes technical controls and ensuring employees receive security awareness and training. 

Featured Resources

Choosing a collaboration platform

Eight questions every IT leader should ask

Download now

Performance benchmark: PostgreSQL/ MongoDB

Helping developers choose a database

Download now

Customer service vs. customer experience

Three-step guide to modern customer experience

Download now

Taking a proactive approach to cyber security

A complete guide to penetration testing

Download now

Recommended

How can you protect your business from crypto-ransomware?
Security

How can you protect your business from crypto-ransomware?

20 Apr 2021
Best ransomware removal tools
ransomware

Best ransomware removal tools

9 Apr 2021
What is hacktivism?
hacking

What is hacktivism?

22 Apr 2021
HackBoss malware is using Telegram to steal cryptocurrency from other hackers
cryptocurrencies

HackBoss malware is using Telegram to steal cryptocurrency from other hackers

16 Apr 2021

Most Popular

REvil threatens to release Apple’s hardware schematics
ransomware

REvil threatens to release Apple’s hardware schematics

21 Apr 2021
How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

8 Apr 2021
Samsung Galaxy S21 Ultra review: Ultra in every sense of the word
Mobile Phones

Samsung Galaxy S21 Ultra review: Ultra in every sense of the word

22 Apr 2021