Egregor ransomware operators made the headlines again; this time they hit Metro Vancouver’s transportation agency TransLink, disrupting its services and payment systems.
The news was also confirmed by Global News, which obtained the ransom letter sent to TransLink after the company announced that it had detected “suspicious network activity” this week that caused several major problems across the transit system.
On December 1st, TransLink announced that it was having IT issues that impacted phones and online services. Payments with credit or debit cards were not possible for three days; according to the company, transit services were unaffected by the IT problems.
TransLink continues the investigation of suspicious network activity which impacted some of our information technology systems today. Out of an abundance of caution, TransLink has disabled access to some online services which may impact customers. See pinned Tweet for details ^CK
— TransLink BC (@TransLink) December 2, 2020
Upon restoring the payment systems, Metro Vancouver’s transportation agency TransLink issued a statement announcing that a ransomware attack was the root cause of the IT issues.
TransLink CEO Kevin Desmond confirmed the ransomware attack in a media release late Thursday.
“We are now in a position to confirm that TransLink was the target of a ransomware attack on some of our IT infrastructure. This attack included communications to TransLink through a printed message,” said Desmond.
Statement from TransLink CEO Kevin Desmond: pic.twitter.com/BVX2d9hyef
— TransLink BC (@TransLink) December 4, 2020
Global BC anchor Jordan Armstrong shared a picture of the ransom note that was repeatedly printed by TransLink printers after the attack. The image confirmed that the company was hit by the Egregor operators, a group that intensified its operations after the Maze ransomware shut down its activities.
Ransom letter that’s been rolling off the printers at @TransLink.
— Jordan Armstrong (@jarmstrongbc) December 4, 2020
Sources tell me, at this point, @TransLink does NOT intend to pay.
But a cyber security expert we spoke to says this is a sophisticated new type of ransomware attack… and many victims do pay.@GlobalBC pic.twitter.com/2tYLy4lZkG
Egregor is known to target the printers of compromised organizations, instructing them to print the ransom note.
The Egregor ransomware operators recently targeted several other major companies worldwide, including Barnes and Noble, Cencosud, Crytek, Kmart, and Ubisoft.
(SecurityAffairs – hacking, Egregor ransomware)