[TheRecord] Ransomware attack disrupts Toronto’s public transportation system

A ransomware attack has disrupted the activities of the Toronto public transportation agency and has taken down several systems used by drivers and commuters alike.

The Toronto Transit Commission said the attack was detected last week on Thursday night by a TTC IT staffer who noticed “unusual network activity.”

“Impact was minimal until midday today (Friday, Oct. 29) when hackers broadened their strike on network servers,” the agency said in a press release on Friday.

According to TTC spokesperson Stuart Green, the incident impacted internal systems, such as the agency’s internal email server and TTC Vision, a video-based driver communication system. TTC Vision was replaced by a classic radio-based communication system until the issue is resolved.

Besides TTC backend systems, the incident also impacted customer-facing servers. The booking portal for Wheel-Trans, a transportation option for persons with disabilities, is still offline at the time of writing.

In addition, the attack has impacted the ability to show real-time information about TTC vehicles on station platform screens, inside trip-planning apps, and on the TTC website, Green said.

#TTC staff and external cybersecurity experts continue to troubleshoot yesterday’s ransomware attack.
Systems impacted by the attack are still down but we’re working to safely and securely restore them.
Yesterday’s statement with alt text below. pic.twitter.com/uGVFByYIKT

— TTCStuart 🚈🗣️ (@TTCStuart) October 30, 2021

But despite the attack, public transportation routes were not disrupted. Buses, trams, and subway trains continued to run as normal, officials said.

Montreal, Vancouver, and now Toronto

At the time of writing, no ransomware gang has taken credit for the incident.

Toronto is Canada’s largest urban population center. Following last week’s attack, ransomware gangs have now hit the public transportation systems of all three of Canada’s biggest cities, after similar attacks hit Montreal’s STM in October 2020 and Vancouver’s Metro in December 2020.

Hackers asked for CAD$2.8 million from STM and CAD$7.5 million from Metro, but neither agency paid the ransom demands. TTC did not disclose the ransom demand it received.

Other ransomware attacks that hit public transportation systems over the past few years include attacks on:

- San Francisco’s MUNI in November 2016
- Sacramento’s Regional Transit in November 2017
- Fort Worth’s Trinity Metro in July 2020
- Philadelphia’s SEPTA in October 2020
- Ann Arbor Area Transportation Authority in October 2021

None of these attacks has ever disrupted public transport, as agencies were usually able to run routes on time even without the aid of computer systems.

The post Ransomware attack disrupts Toronto’s public transportation system appeared first on The Record by Recorded Future.
