Montreal Metro Hacker Demands $2.8m Ransom

A malicious hacker who attacked Montreal's transit agency with malware has demanded a ransom of US $2.8m to restore normal network operations.

The Société de transport de Montréal (STM) was targeted with ransomware on October 19. The attack knocked the agency’s reservation system for adapted transit offline and caused an outage that affected around 1,000 of STM's 1,600 servers, 624 of which are considered operationally sensitive.  

No data was exfiltrated by the hacker, and the incident did not impact the city's bus and metro services. 

After more than a week of silence, the hacker finally contacted STM to issue a ransom demand that the agency says it will not comply with.

In a statement published Thursday, STM said: "Following communication with the hacker, a ransom demand of US $2.8 million was made. The STM maintains its decision not to act on this request."

STM's paratransit reservation system was restored on October 25. The agency said that as of yesterday, around 77% of servers impacted by the attack had been restored. 

Payments to STM's 11,000 employees were completed in what the agency described as an "almost normal manner." Payments to suppliers were not affected by the incident. 

An investigation into the incident is ongoing. Details revealed so far indicate that the attacker used a phishing email to gain access to STM's network. While describing the attack as similar to RansomExx, STM said it would not share any further details until the investigation had been completed. 

A week after the cyber-strike on Montreal's transit agency, a second attack was carried out on a health agency in the city's west end. 

The CIUSSS du Centre-Ouest-de-l'Île-de-Montréal blocked remote access and disconnected from the internet after the attack in an attempt to minimize any damage. 

Dr. Lawrence Rosenberg, head of the CIUSSS, said that no personal information belonging to staff or patients had been compromised as a result of the security incident.

The CIUSSS runs the city's Jewish General Hospital and several long-term care facilities. Rosenberg said that while problems had been experienced with the telephone system, patient care had not been affected by the attack.
