
from the just-another-day-at-the-office dept.
TransLink confirms ransomware data theft, still restoring systems:
Metro Vancouver's transportation agency TransLink has confirmed that the Egregor ransomware operators who breached its network at the beginning of December 2020 also accessed and potentially stole employees' banking and social security information.
TransLink announced on December 1, 2020, that the transportation network was experiencing issues with their computing systems following a cyberattack.
These information technology issues impacted the company's phones and online services, as well as the customers' ability to pay for fares with a credit card or debit card. TransLink's transit services were not affected by the IT problems caused by the ransomware attack.
"We are now in a position to confirm that TransLink was the target of a ransomware attack on some of our IT infrastructure," TransLink disclosed in a statement following the incident. "This attack includes communications to TransLink through a printed message."
[...] Egregor is a ransomware operation that partners with affiliates who hack into targets' networks and deploy ransomware payloads, earning 70% of the ransom payments with the Egregor operators getting a 30% revenue share.
The affiliates who infiltrate victims' networks are also known for stealing files before encrypting devices using Egregor ransomware and for using them as leverage under the threat of publicly leaking them unless the ransom is paid.
Egregor started operating in September 2020 after Maze shut down their operation, with many of the Maze affiliates switching to Egregor, as threat actors told BleepingComputer.
(Score: 2) by dw861 on Wednesday January 06 2021, @03:30AM
The morning that this took place, there was a weird announcement on the radio that fares would have to be purchased with cash, and that the fare machines in stations had been shut down because of "suspicious network activity".
Even the web-based trip-planner had been disabled, and users were guided to find a replacement, such as Google Maps.
https://www.vancouverisawesome.com/vancouver-news/suspicious-activity-translink-temporarily-disables-some-payment-options-on-metro-vancouver-transit-3148400 [vancouverisawesome.com]
Now we know why...
Maybe not a profound comment, but this story is looking ever so lonely.
(Score: 0) by Anonymous Coward on Wednesday January 06 2021, @05:51AM
I wonder if fare card data was collected.
There are a great many Chinese expats in the region served by TransLink, many of whom are not as circumspect in their actions as the CCP would like.
Knowing whose kids bussed together, and so on, is surprisingly potent metadata.
(Score: 2) by dw861 on Tuesday January 26 2021, @02:15AM
https://www.cbc.ca/news/canada/british-columbia/translink-ransomware-attack-lawsuit-1.5887462 [www.cbc.ca]