Several TTC services are still down following ransomware attack

The 'Next Vehicle Information System' on station screens is currently unavailable

After being targeted by a ransomware attack on Thursday, October 28th, the Toronto Transit Commission’s (TTC) Wheel-Trans online booking site, trip-planning applications, and other communications services are still offline.

According to a statement released Saturday evening, the TTC first realized that its services are under attack on Thursday night when an IT employee discovered “unusual network activity.” According to the TTC, the attack initially had a “minimal” impact but got worse by mid-Friday.

The attack knocked out the TTC’s Vision System, which is used to communicate with vehicle operators. As of now, the TTC is using radio backup to communicate with its employees. The ‘Next Vehicle Information System’ on station screens, the TTC website, and the TTC’s internal email service are among the other services that have also been compromised.

“So if you’re trying to use one of the apps on your phone, and you’re waiting at a bus stop you will not see the next vehicle arriving or you may see something but it won’t be accurate, as well as the internal emails that are down so we have no network service,” said Stuart Green, TTC Spokesperson in a statement given to CP24.

The transit agency is working with law enforcement and cybersecurity professionals, including the City of Toronto’s IT department to resolve the problem and figure out what caused the assault. “As transit systems bounce back from the massive lull in ridership during the pandemic, they become an enticing target for ransomware actors,” said Darktrace’s director of strategic threat, Marcus Fowler in a statement given to MobileSyrup. ”

Anytime a ransomware attack can create a real-world impact, such as long lines or service disruption, cyber-criminals will likely demand higher ransom, with the expectation that victims will pay quickly. For the Toronto Transit Commission (TTC), thankfully, they reported no significant transit service disruption.”

Update 01/11/2021 7:39pm ET: The TTC is not working with Darktrace. The story has been updated to reflect this.

Via: CP24