Vancouver’s TransLink Confirms ‘Ransomware’ Attack

Metro Vancouver’s TransLink was very recently the victim of a “ransomware” attack from the “Egregor” operators.

Payment-processing glitches at fare terminals and gates on Metro Vancouver’s SkyTrain system were linked to a ransomware attack, TransLink CEO Kevin Desmond confirmed in a statement late afternoon on December 3 (via Global News).

“This attack included communications to TransLink through a printed message,” Desmond said, referring to a document widely circulated to media earlier in the day.

The attack took place on December 1 and left Vancouver residents and other users of the public transit service unable to use their Compass metro cards or pay for new tickets via the agency’s Compass ticketing kiosks. Translink officials avoided acknowledging the attack for two days, passing it off as a technical issue before being pressed by multiple local news agencies about what really was going on.

“Working with my colleague @pjimmyradio, we can confirm for @NEWS1130 that @TransLink has been hacked,” tweeted Martin MacMahon, a senior news reporter at local radio news station News 1130. “Our information comes from multiple sources within the transit authority, who have shared the ransom letter with us.”

According to the ransom note, it has been confirmed that the “Egregor” ransomware operators were behind the attack. Egregor is a new organized cybercrime operation that partners with affiliates to hack into networks and deploy their ransomware.

Customers can once again use credit and debit cards at Compass vending machines and tap-to-pay fare gates, features that were put on hold for several days.