Egregor ransomware operators made the headlines again, this time they hit Metro Vancouver’s transportation agency TransLink causing the disruption of its services and payment systems.
The news was also confirmed by Global News which has obtained the ransom letter sent to TransLink after the company announced to have detected “suspicious network activity” this week that has caused several major problems across the transit system.
On December 1st, TransLink’s announced that they were having IT issues that impacted phones, online services. The payments with credit or debit cards were not possible for three days, according to the company, the transit services were unaffected by IT problems.
Upon restoring the payment systems, Metro Vancouver’s transportation agency TransLink issued a statement announcing that a ransomware attack was the root cause of IT issues.
TransLink CEO Kevin Desmond confirmed the ransomware attack in a media release late Thursday.
“We are now in a position to confirm that TransLink was the target of a ransomware attack on some of our IT infrastructure. This attack included communications to TransLink through a printed message,” said Desmond.
Global BC anchor Jordan Armstrong shared a picture of the ransom note that was repeatedly printed by TransLink printers after the attack. The image confirmed that the company was hit by the Egregor operators, a group that intensifies its operations after the Maze ransomware shutdown its activities.
Egregor is known to target printers of the compromised organizations, instituting them to print the ransom note.
(SecurityAffairs – hacking, Egregor ransomware)