A malicious hacker who attacked Montreal’s transit agency with malware has demanded a ransom of US $2.8m to restore normal network functions.
The Société de transport de Montréal (STM) was targeted with ransomware on Oct 19. The attack knocked the agency’s reservation system for adapted transit offline and caused an outage that affected around 1,000 of STM’s 1,600 servers, 624 of which are considered operationally sensitive.
No data was exfiltrated by the hacker, and the incident did not impact the city’s bus and metro services.
After more than a week of silence, the hacker finally contacted STM to issue a ransom demand that the agency says it will not comply with.
In a statement released Thursday, STM said: “Pursuing interaction with the hacker, a ransom demand of US $2.8 million was made. The STM maintains its final decision not to act on this request.”
STM’s paratransit reservation system was restored on Oct 25. The company stated that as of yesterday, around 77% of servers impacted by the attack had been restored.
Payments to STM’s 11,000 workers were completed in what the agency described as a “nearly standard method.” Payments to suppliers were not affected by the incident.
An investigation into the incident is ongoing. Details uncovered so far indicate that the attacker used a phishing email to gain access to STM’s network. While describing the attack as comparable to RansomExx, STM said it would not share any further details until the investigation had been concluded.
A week after the cyber-attack on Montreal’s transit agency, a second attack was carried out on a health agency in the city’s west end.
The CIUSSS du Centre-Ouest-de-l’Île-de-Montréal blocked remote access and disconnected from the internet after the attack in an attempt to minimize any damage.
Dr. Lawrence Rosenberg, head of the CIUSSS, said that no personal information belonging to staff members or patients had been compromised as a result of the security incident.
The CIUSSS runs the city’s Jewish General Hospital and many long-term care facilities. Rosenberg said that although problems had been experienced with the phone system, patient care had not been affected by the attack.
Some pieces of this article are sourced from:
www.infosecurity-magazine.com