Vancouver Public Transit Disrupted by Ransomware Attack

According to ZDNet, the public transit operator in Vancouver, Canada, TransLink, was hit by a ransomware attack. The incident occurred on December 1, 2020, and as a result, Vancouver residents were unable to use their Compass transit cards or purchase new tickets at Compass kiosks for several days.

Initially, TransLink reported that the issue was due to prolonged technical difficulties. However, reporters from the local news agency CITY NEWS 1130 uncovered the true nature of the incident, prompting TransLink to reveal the real cause.

“We can now confirm that TransLink was the target of a ransomware attack aimed at our IT infrastructure,” said TransLink CEO Kevin Desmond in a statement released after the CITY NEWS 1130 investigation.

Although Desmond did not specify which hacker group was responsible, he confirmed that the attackers sent ransom notes to all available company printers. A copy of the ransom note was published by another local journalist.

Based on the hackers’ message and the malware’s behavior, it appears that TransLink was attacked by a version of the Egregor ransomware, which is known for printing its ransom demands on any accessible devices.

TransLink officials stated that Compass kiosks have now been restored, allowing customers to use Tap to Pay features at fare gates. The company also emphasized that the incident did not affect the operation of any transit routes.