Metro Vancouver’s transportation agency TransLink was hit with a ransomware attack that disrupted its services and payment systems.
On December 1st, TransLink announced that it was having issues with its information technology systems that affected phones, online services, and the ability to pay for fares using a credit card or debit card. All transit services were unaffected by the IT problems.
After restoring the payment systems, TransLink issued a statement revealing that a ransomware attack had caused the IT problems.
They confirmed that TransLink was the target of a ransomware attack on some of its IT infrastructure. The attack included communications to TransLink through a printed message.
Based on the ransom note, it has been confirmed that the Egregor ransomware operators were behind the attack.
The TransLink printers were repeatedly printing ransom notes.
Egregor is the only ransomware known to run scripts that print-bomb ransom notes to available printers. The gang used the same technique during a recent Cencosud cyberattack, in which the receipt printers were repeatedly printing ransom notes to draw public attention to the attack.
Egregor is a new organized cybercrime operation that partners with affiliates to hack into networks and deploy its ransomware. The affiliates get 70% of the ransom payments they generate, and the Egregor operators take a 30% share.
This ransomware gang began operating in September 2020 after the Maze ransomware operators shut down their operation. Many of the affiliates that worked with Maze then moved over to Egregor, which allowed the new operation to pile up many victims quickly.
Image credits: Daily Hive