The Egregor ransomware operation has breached Metro Vancouver’s transportation agency TransLink with the cyberattack causing disruptions in services and payment systems.
On December 1st, TransLink's announced that they were having issues with their information technology systems that affected phones, online services, and the ability to pay for fares using a credit card or debit card. All transit services were unaffected by the IT problems.
After restoring the payment systems, TransLink issued a statement disclosing that a ransomware attack caused the IT problems.
"We are now in a position to confirm that TransLink was the target of a ransomware attack on some of our IT infrastructure. This attack includes communications to TransLink through a printed message," TransLink disclosed in a statement.
If you have first-hand information about this or other unreported cyberattacks, you can confidentially contact us on Signal at +16469613731 or on Wire at @lawrenceabrams-bc.
Egregor is also the only ransomware known to run scripts that print bomb ransom notes to available printers, as described by Armstrong in his tweet. The Egregor gang performed this same tactic during a recent Cencosud cyberattack, where receipt printers began repeatedly printing ransom notes to draw public attention to the attack.
On December 1st, TransLink's announced that they were having issues with their information technology systems that affected phones, online services, and the ability to pay for fares using a credit card or debit card. All transit services were unaffected by the IT problems.
After restoring the payment systems, TransLink issued a statement disclosing that a ransomware attack caused the IT problems.
"We are now in a position to confirm that TransLink was the target of a ransomware attack on some of our IT infrastructure. This attack includes communications to TransLink through a printed message," TransLink disclosed in a statement.
Egregor ransomware was behind TransLink's attack
Global BC reporter Jordan Armstrong tweeted a picture of the ransom note and stated that TransLink printers were repeatedly printing ransom notes.From the picture of the ransom note, BleepingComputer can confirm that it was the Egregor ransomware operation behind the attack.
If you have first-hand information about this or other unreported cyberattacks, you can confidentially contact us on Signal at +16469613731 or on Wire at @lawrenceabrams-bc.
Egregor is also the only ransomware known to run scripts that print bomb ransom notes to available printers, as described by Armstrong in his tweet. The Egregor gang performed this same tactic during a recent Cencosud cyberattack, where receipt printers began repeatedly printing ransom notes to draw public attention to the attack.