The cyberattack took place in early December 2020, affecting phones, online services and payment systems. The attack left Vancouver residents unable to use their Compass metro cards or pay for new tickets via the agency’s Compass ticketing kiosks. One part of the attack caused TransLink printers to repeatedly print out ransom notes.
Based on the ransom note, Bleeping Computer reports, the attack is believed to have been carried out by the Egregor gang, which is known for stealing data from hacked networks before encrypting the victims' files.
Egregor is a nascent type of ransomware that’s struck multiple organizations in recent weeks, including the British retail outlet Edinburgh Woollen Mill. The ransomware comes from the Sekhmet malware family.
TransLink embarked upon a forensic investigation. The present status is that TransLink is unable to confirm what information was taken or which customers any data loss relates to.
Looking into the incident for Digital Journal is Sanjay Jagad, Sr. Director Products and Solutions, Cloudian.
According to Jagad: “The attack on Translink highlights ransomware’s extraordinary ability to cripple an organization’s operations and services. Once again, this speaks to the need for stronger defense measures to protect against ransomware attacks.”
In terms of taking appropriate actions to prevent any future attacks, Jagad recommends: “Object Lock technology at the data storage layer makes backup data unchangeable, meaning it cannot be encrypted by hackers.”
This means, Jagad states: “Therefore, organizations can easily restore an uninfected copy of their data in the event of an attack and quickly resume business without having to pay a hefty ransom.”