TransLink, Vancouver, Canada's public transportation agency, has become the victim of a ransomware attack that has left residents of the city unable to use their Compass metro cards or pay for new tickets via the agency's Compass ticketing kiosks.
The attack took place on Tuesday, but the agency initially passed it off as a prolonged technical issue. However, reporters at local radio station CITY NEWS 1130 found out what had happened and forced the organization to admit the attack took place.
"We are now in a position to confirm that TransLink was the target of a ransomware attack on some of our IT infrastructure," TransLink CEO Kevin Desmond said in a statement to the radio station.
“TransLink does not store fare payment data. We use a secure third-party payment processor for all fare transactions, and we do not have access to that type of data.”
Desmond didn’t reveal the ransomware’s name but confirmed the hackers printed a demand note on the agency’s printers.
“Your network was attacked, your computers and servers were locked,” the note read. Printing these notes on an organization’s printer is a tactic used by the Egregor ransomware.
Services were restored Thursday afternoon.
Sam Curry, chief security officer at Cybereason, told ITPro that these types of attacks are increasing against public and private sector companies, but there’s a silver lining.
According to Curry, “The silver lining is that there are fewer strains of ransomware in the wild and the good guys or defenders have more than a fighting chance to turn the tables on the cyber adversaries. And good for TransLink for eventually owning up to the fact it was a ransomware attack. Honestly, they should have come clean at the outset, shared as much information as possible and assured customers they were doing everything humanly possible to restore transportation services to normal.”
Stuart Sharp, VP of technical services at OneLogin, told ITPro that it’s fortunate that Translink doesn’t store any financial information, so citizens’ financial data wasn’t at risk in the attack.
“It goes to show that any organization where an IT system plays a crucial role in running services is at risk from ransomware attacks, not just organizations that store sensitive data,” Sharp said.
Javvad Malik, security awareness advocate at KnowBe4, said ransomware operators are more focused and targeted in their attacks.
“They tend to spend more time within an organization before deploying ransomware. This allows them to not only steal data that they can use to further blackmail the organization or its customers with but also to identify which data and systems to encrypt with ransomware for maximum impact,” he said.
Malik added it's essential that organizations have controls in place to prevent ransomware from gaining access via a layered security strategy that includes technical controls and ensuring employees receive security awareness and training.
-
Is diversity still a challenge in the channel?Industry Insights Despite progress, diversity remains a challenge in the tech channel, as women represent less than a quarter of the UK’s tech workforce and still face structural and cultural barriers
-
How the UK is leading Europe at AI-driven manufacturingIn-depth A new report puts the country on top of the charts in adopting machine learning on the factory floor in several critical measures
-
15-year-old revealed as key player in Scattered LAPSUS$ HuntersNews 'Rey' says he's trying to leave Scattered LAPSUS$ Hunters and is prepared to cooperate with law enforcement
-
The Scattered Lapsus$ Hunters group is targeting Zendesk customers – here’s what you need to knowNews The group appears to be infecting support and help-desk personnel with remote access trojans and other forms of malware
-
Impact of Asahi cyber attack laid bare as company confirms 1.5 million customers exposedNews No ransom has been paid, said president and group CEO Atsushi Katsuki, and the company is restoring its systems
-
The US, UK, and Australia just imposed sanctions on a Russian cyber crime group – 'we are exposing their dark networks and going after those responsible'News Media Land offers 'bulletproof' hosting services used for ransomware and DDoS attacks around the world
-
A notorious ransomware group is spreading fake Microsoft Teams ads to snare victimsNews The Rhysida ransomware group is leveraging Trusted Signing from Microsoft to lend plausibility to its activities
-
Volkswagen confirms security ‘incident’ amid ransomware breach claimsNews Volkswagen has confirmed a security "incident" has occurred, but insists no IT systems have been compromised.
-
The number of ransomware groups rockets as new, smaller players emergeNews The good news is that the number of victims remains steady
-
Teens arrested over nursery chain Kido hacknews The ransom attack caused widespread shock when the hackers published children's personal data
