• 22 October, 2020
• No Comments

Montreal’s STM Public Transport System Hit By Ransomware Attack

Montreal’s Société de transport de Montréal (STM) public transport system was hit with a RansomExx ransomware attack that has impacted services and online systems.

On October 19th, STM suffered an outage that affected its IT systems, website, and customer support.

While these outages did not affect the operation of buses or metro systems, people with disabilities who rely on STM’s door-to-door paratransit service are affected as it uses an online registration system.

On Tuesday morning, STM announced that the outages were caused by a ‘computer virus that caused a major failure on various platforms.”

Later that evening, STM confirmed that they had suffered a ransomware attack and are working with law enforcement and external experts to restore their systems and investigate the attack.

“The Société de transport de Montréal (STM) wishes to inform its customers that the major computer failure it has suffered since October 19 in the afternoon is the consequence of a ransomware type, targeting all applications, despite the various defenses that are in place to deal with this type of eventuality.”

Also Read: Steps On How To Create Complain About Telemarketing Calls

The STM website is still down, but visitors are now redirected to www.lastm.info, where information about public transport services and the attack is posted.

RansomExx gang behind attack

According to a source familiar with the situation, STM suffered an attack by the RansomExx ransomware operation.

RansomExx is a rebranded version of the Defray777 ransomware that become more active in June, with attacks against organizations such as the Texas Department of Transportation (TxDOT), Konica Minolta, IPG Photonics, and more recently, Tyler Technologies.

When conducting attacks, RansomExx operators will compromise a network and steal unencrypted files as they spread laterally through the system. Once they gain access to the Windows domain controller, they deploy the ransomware on all available devices.

Also Read: EU GDPR Articles: Key For Business Security And Success

It is not known if STM has been in contact with the ransomware operators or the ransom amount.

This is a developing story.