Vancouver transit system is affected by ransomware infection

A recent report mentions that the cybercriminal group in charge of the Egregor ransomware managed to compromise the systems of Metro Vancouver’s TransLink transport agency, leading to disruptions to some services and payment systems.

A few days ago, company representatives announced that they had problems with their systems, affecting their phones, online services, or credit and debit card payment systems. Transport systems were not affected by these failures.

Once it managed to restore its payment systems, TransLink issued a statement acknowledging the incident: “We have the information necessary to confirm that TransLink was the target of a ransomware attack that affected our communications through a message.” Through his Twitter account, researcher Jordan Armstrong posted an image of the ransom note and stated that TransLink printers were repeatedly printing the same message:

After the ransom note was made public, the cybersecurity community confirmed that hacking group Egregor was behind the attack.

Specialists mention that Egregor is the only known ransomware variant that runs scripts to print ransom notes on all printers connected to a compromised network. Egregor’s hackers used this same tactic during a recent cyberattack on Cencosud, where receipt printers began repeatedly printing ransom notes to draw public attention to the incident.

In the rise of ransomware as a service (RaaS) platforms, Egregor has established itself as one of the groups most requested by cybercriminal groups, making incredible profits for every successful attack deployed by malicious hackers. These attacks include numerous high-profile companies around the world, including Kmart, Cencosud, Crytek, Ubisoft and Barnes and Noble.