Ransomware attack disrupts Toronto's public transportation system

A ransomware attack has disrupted the activities of the Toronto public transportation agency and has taken down several systems used by drivers and commuters alike.

The Toronto Transit Commission said the attack was discovered last week on Thursday night by a TTC IT staffer who detected "unusual network activity."

"Impact was minimal until midday today (Friday, Oct. 29) when hackers broadened their strike on network servers," the agency said in a press release on Friday.

According to TTC spokesperson Stuart Green, the incident impacted internal systems, such as the agency's internal email server and TTC Vision, a video-based driver communication system. The latter was replaced by a classic radio-based communication system until the issue is resolved.

Besides TTC backend systems, the incident also impacted customer-facing servers. The booking portal for Wheel-Trans, a transportation option for persons with disabilities, is still offline at the time of writing.

The attack has also impacted the ability to show real-time information about TTC vehicles on station platform screens, inside trip-planning apps, and on the TTC website, Green said.

But despite the attack, public transportation routes were not disrupted. Buses, trams, and subway trains continued to run as normal, officials said.

Montreal, Vancouver, and now Toronto

At the time of writing, no ransomware gang has taken credit for the incident.

Toronto is Canada's largest urban population center. Following last week's attack, ransomware gangs have now hit the public transportation systems of all three of Canada's biggest cities, after similar attacks hit Montreal's STM in October 2020 and Vancouver's Metro in December 2020.

Hackers asked for CAD$2.8 million from STM and CAD$7.5 million from Metro, but neither agency paid the ransom demands. TTC did not disclose the ransom demand it received.

Other ransomware attacks that hit public transportation systems over the past few years include attacks on:

None of these attacks has ever disrupted public transport, as agencies were usually able to run routes on time even without the aid of computer systems.

Catalin Cimpanu is a cybersecurity reporter who previously worked at ZDNet and Bleeping Computer, where he became a well-known name in the industry for his constant scoops on new vulnerabilities, cyberattacks, and law enforcement actions against hackers.