Ransomware attack on Canada public transport agency

328

Société de transport de Montréal (STM), a public transport agency in Canada has disclosed that its digital systems are down due to a ransomware attack and so its website will remain inaccessible to users for some days. 

 


 

A message posted on the official website states that STM was hit by a file-encrypting malware attack on October 19, 2020, and the IT staff is busy recovering the data through remediation.

 

STM says that all its transit services will operate normally and the reservations will resume from October 23, 2020. Those seeking transport services for emergency and medical necessities will avail of the services of Société de transport de Montréal as per the pre-determined conditions.

 

To date, no employee information or customer details have been compromised in the incident and an investigation has been launched on how the ransomware spread to the network and who was responsible for the incident.

 

A source from Bleeping Computer stated on Twitter that the RansomExx gang was responsible for malware spread and it’s suspected that Defray777 ransomware was inducted into the network in the first week of October to first steal unencrypted files and then lock down the database from access.

 

Note 1- Most of the ransomware gangs are nowadays seen first stealing files from a database and then are seen locking down the database from access with strong encryption.

 

Note 2– Many law enforcement agencies like US FBI are urging victims not to pay any ransom amount to the hackers as it not only encourages crime but doesn’t guaranty a decryption key after the payment of a ransom to hackers.

 

Note 3- Montreal Transit Corporation officially known as Société de transport de Montréal was established in 1861 and offers urban mass transit systems across Canada and some parts of North America. On average, around 2,524,500 passengers are seen using transport services on daily basis.