Ransomware attack impede the Toronto’s public transportation system

A ransomware attack has disrupted the activities of the Toronto public transportation agency and has taken down several systems used by drivers and commuters alike.

The Toronto Transit Commission said the attack was detected last week on Thursday night and was discovered by a TTC IT staffer who detected “unusual network activity.”

“Impact was minimal until midday today (Friday, Oct. 29) when hackers broadened their strike on network servers,” the agency said in a press release on Friday. According to TTC spokesperson Stuart Green, the incident impacted internal systems, such as the agency’s internal email server and TTC Vision, a video-based driver communication system. This was replaced by a classic radio-based communication system until the issue would be resolved. Besides TTC backend systems, the incident also impacted customer-facing servers as well. The booking portal for Wheel-Trans, a transportation option for persons with disabilities, is still offline at the time of writing.

And we can see that the attack doesn’t affected, public transportation routes were not disrupted. Buses, trams, and subway trains continued to run as normal, officials said.

Green says transit vehicles continue to service their routes but apps and computer displays of route information are being affected. He says there is no estimated time for when services that have been affected will be restored.

“The full extent of the attack is being looked into and the TTC is working with law enforcement and cybersecurity experts on the matter,” he said in a release.

New updates from TTC

“TTC service alerts” still recovering from the attack and it’s being a Day 4 now after the attack has taken place. They are still making it delayed on some of the lanes and following the regular service runway.

More updates

“So if you’re trying to use one of the apps on your phone, and you’re waiting at a bus stop you will not see the next vehicle arriving or you may see something but it won’t be accurate, as well as the internal emails that are down so we have no network service,” said Stuart Green, TTC Spokesperson in a statement given to CP24.

Anytime a ransomware attack can create a real-world impact, such as long lines or service disruption, cyber-criminals will likely demand higher ransom, with the expectation that victims will pay quickly. For the Toronto Transit Commission (TTC), thankfully, they reported no significant transit service disruption.”

Update 01/11/2021 7:39pm ET: The TTC is not working with Darktrace. The story has been updated to reflect this.