Ransomware attack disrupts Toronto's public transportation system
A ransomware attack has disrupted the activities of the Toronto public transportation agency and has taken down several systems used by drivers and commuters alike.
The Toronto Transit Commission said the attack was detected last week on Thursday night and was discovered by a TTC IT staffer who detected "unusual network activity."
"Impact was minimal until midday today (Friday, Oct. 29) when hackers broadened their strike on network servers," the agency said in a press release on Friday.
According to TTC spokesperson Stuart Green, the incident impacted internal systems, such as the agency's internal email server and TTC Vision, a video-based driver communication system. This was replaced by a classic radio-based communication system until the issue would be resolved.
Besides TTC backend systems, the incident also impacted customer-facing servers as well. The booking portal for Wheel-Trans, a transportation option for persons with disabilities, is still offline at the time of writing.
In addition, the attack has also impacted the ability to show real-time information about TTC vehicles on station platform screens, inside trip-planning apps, and on the TTC website, Green said.
But despite the attack, public transportation routes were not disrupted. Buses, trams, and subway trains continued to run as normal, officials said.
Montreal, Vancouver, and now Toronto
At the time of writing, no ransomware gang has taken credit for the incident.
Toronto is Canada's largest urban population center. Following last week's attack, ransomware gangs have now hit the public transportation systems of all of Canada's three biggest cities, after similar attacks hit Montreal's STM in October 2020 and Vancouver's Metro's in December 2020.
Hackers asked CAD$2.8 million from STM and CAD$7.5 million from Metro, but neither agency paid the ransom demands. TTC did not disclose the ransom demand it received.
Other ransomware attacks that hit public transportation systems over the past few years include attacks on:
- San Francisco's MUNI in November 2016
- Sacramento's Regional Transit in November 2017
- Fort Worth's Trinity Metro in July 2020
- Philadelphia's SEPTA in October 2020
- Ann Arbor Area Transportation Authority in October 2021.
None of these attacks have ever disrupted public transports, as agencies were usually able to run routes on time even without the aid of computer systems.
Catalin Cimpanu is a cybersecurity reporter for The Record. He previously worked at ZDNet and Bleeping Computer, where he became a well-known name in the industry for his constant scoops on new vulnerabilities, cyberattacks, and law enforcement actions against hackers.