Societé de Transport de Montréal (STM), the official name of the public transport system of one of Canada’s most important cities, has revealed that it was the victim of an attack that impacted its online services and systems, as mentioned by BleepingComputer. The incident reportedly occurred on October 19, when STM detected a sample of the RansomExx ransomware on its customer support systems and website.
Although bus or subway operations were not generally disrupted, multiple users with disabilities who rely on a door-to-door service provided by STM were affected because the system keeps track online. In a brief statement issued Tuesday morning, STM noted that the outages were caused by a “computer virus that caused considerable failures on various platforms.”
A few hours later, STM issued a new statement confirming that the outages were caused by a ransomware attack: “We want to inform our customers that the incident suffered on October 19 in the afternoon is the result of a variant of ransomware that managed to enter our systems despite our strict security measures.” STM is working with Canadian authorities and security firms to restore their systems.
The STM website is still out of service, although a temporary platform was enabled to resolve the doubts of concerned users.
Regarding the ransomware variant used by hackers, cybersecurity specialists mention that RansomExx is a variant of Defray777, a variant widely used in similar attacks such as those that occurred at the Texas Department of Transportation, Tyler Technologies, among other organizations.
Like other ransomware groups, RansomExx operators steal unscrypted files as they spread laterally through the system. Once they access the Windows domain controller, they deploy the ransomware on all available devices. It is not known if STM has been in contact with ransomware operators or the ransom amount.
He is a cyber security and malware researcher. He studied Computer Science and started working as a cyber security analyst in 2006. He is actively working as an cyber security investigator. He also worked for different security companies. His everyday job includes researching about new cyber security incidents. Also he has deep level of knowledge in enterprise security implementation.