[ad_1]
The Vancouver Metro Transit System is the latest victim of a ransomware attack.
Global News obtained the ransom letter sent to TransLink this week amid “suspicious network activity” which caused several major problems in the transit system.
TransLink CEO Kevin Desmond confirmed the attack in a press release late Thursday.
Ransomware is a type of malicious software that blocks a computer network or steals data. Attackers demand a ransom in exchange for unlocking the system or returning the data.
“Your network has been ATTACKED, your computers and servers have been BLOCKED, your private data has been DOWNLOADED,” the letter reads.
Sent.
Sent
“If you don’t contact us within the next three DAYS, we will start publishing the DATA.”
The letter displayed by Global News does not specify a ransom amount, but goes on to state that restoring data and systems without paying the ransom will cost “hundreds of millions” of dollars.
Sources inside TransLink claim the attacker is a high-profile hacker responsible for a number of similar attacks in the United States. They believe this may be the attacker’s first successful foray into Canada.
The letter includes instructions for administrators to contact the “Egregor” website using the anonymous Tor browser.
Egregor ransomware reportedly surfaced in September and made headlines with attacks on Barnes & Noble and Ubisoft.
Sources tell Global News the attack is believed to have started with a successful phishing email.
The transit agency is taking a position not to give in to the ransom note, sources tell Global News.
The attack could also affect payday, which is Friday, for TransLink employees.
Sources tell Global News that the company’s payroll operations are down.
Employees will still be paid, but using a cash advance, at 65 percent of their normal pay, but with no deductions on payroll, the sources say.
In his statement, Desmond TransLink was “working to resume normal operations as quickly and safely as possible.”
He said the agency was conducting a forensic investigation and that TransLink does not store customer fee payment information.
Compass vending machines and tap-to-pay fare gates began accepting credit and debit card payments again on Thursday afternoon, he said.
Several online services, including the Trip Planner tool, were disabled on Thursday evening.
“We are sharing as much as possible at this point considering this is an active investigation,” Desmond said.
“We believe it is important to keep our customers and employees as informed as possible of the circumstances. We also share this update to warn other organizations of the dangers of this ransomware attack. “
Earlier in the day, Desmond said the transit agency took action to isolate the systems as soon as it realized there had been a breach.
Dominic Vogel, Cyber.SC’s chief security strategist, told Global News Thursday that it is important to note that TransLink involved digital forensics, which he called the “CSI computer team.”
“This type of incident, while it may not affect the general public or the guidance of TransLink, could end up affecting employees there,” he added, as there would be sensitive information about those working at the company stored in databases.
“If you look at all the big data breaches or security incidents over the past 20, 25 years, what ends up being just a small speed boost is when [the companies] they were very transparent, ”Vogel added.“ So rather than using terms like ‘suspicious activity’, it’s very vague … I’d rather be very specific with the facts. For me, the good playbook is to say “in fact, this is what we know, this is what we don’t know, this is what we’re working on to try and identify”.
He said the organization shouldn’t lose control of the narrative.
Read more:
TransLink investigates “suspicious network activity” affecting online payment options
Although officials aren’t calling it a hack yet, a source told Global News the entire database was hacked Monday night.
Sources inside TransLink told Global News Wednesday that phones don’t work, the radio system on buses has been inactive for more than 24 hours, drivers can’t access an online employee portal, and some tasks are done manually.
TransLink said it was limited in the information it could share, “as this is an active investigation involving law enforcement.”
The transit systems still operate smoothly and without any impact on timetables.
Vancouver Metro Transit Police said an investigation involving local and national cybercrime experts has been launched.
© 2020 Global News, a division of Corus Entertainment Inc.
.
[ad_2]
Source link
