The ransomware that prints the ransom note

News from Canada shows how a ransomware attack can have direct consequences for an entire community. The attack that hit the IT infrastructure of TransLink, a public transport company operating in Vancouver, has caused considerable trouble for those who rely on buses and trains to get around the city.

Ransomware: the TransLink case in Vancouver

The breach took place on Tuesday 1 December. It brought down the Compass system, on which all the ticket-sale kiosks and the devices for validating travel cards depend. At first, the security incident was described as a prolonged routine technical problem; confirmation of what had happened came first from the local press and only later from official sources. These are the words of CEO Kevin Desmond.

We are now in a position to confirm that TransLink has been the target of a ransomware attack targeting some of our IT infrastructures.

UPDATE: Credit card and debit card transactions are once again able to be processed at Compass vending machines. Customers who recently purchased monthly passes or stored value will also soon see the credit loaded onto their Compass Card.

- News from TransLink (@TransLinkNews) December 4, 2020



It is not known which group of cybercriminals carried out the attack, but initial analysis shows some connection with the ransomware known as Egregor. The ransom demand is documented in posts that have appeared on social networks. The delivery method is rather unusual (although not a first): it was delivered as printed messages directly to the company's offices.

Ransom letter that's been rolling off the printers at @TransLink.

Sources tell me, at this point, @TransLink does NOT intend to pay.

But a cyber security expert we spoke to says this is a sophisticated new type of ransomware attack… and many victims do pay. @GlobalBC pic.twitter.com/2tYLy4lZkG

- Jordan Armstrong (@jarmstrongbc) December 4, 2020



The note is effectively an instruction sheet explaining what to do to prevent stolen private data from being published. Three days are allowed. According to leaked information, TransLink appears to have chosen not to give in to the extortion. The Compass network has been restored, and a press release states that information regarding payment methods (credit cards, etc.) has not been compromised.

Source: ZDNet




