Hacker behind Montreal transit agency cyberattack asks for $2.8M ransom

Passengers board a train on the Montreal métro at Lionel-Groulx station in the city's Sud-Ouest borough. The transit agency says it will not pay a ransom following an Oct. 19, 2020 cyberattack. Benson Cook / Global News

The Société de transport de Montreal (STM) said it has no intention of paying a ransom demand it received on Wednesday evening.

“Following communication with the hacker, a ransom demand of US$2.8 million was made,” the STM said in a statement published Thursday.

“The STM maintains its decision not to act on this request.”

Launched on Oct. 19, the attack affected 1,000 of the transit agency’s 1,600 servers. Of those, 624 are considered operationally sensitive.

By Thursday, the STM said that 77 per cent of the 624 servers had been restored, “thanks to the hard work of IT teams.”

An ongoing investigation has yet to formally identify the virus used in the attack.

The STM said, however, that the ransomware attack was similar to RansomExx and that it happened as the result of a phishing email.

While the STM’s website was knocked offline, the company says that no data was stolen and that bus and metro services were not affected.

Meanwhile, the agency’s paratransit reservation system was restored on Oct. 25.

Furthermore, the STM said that its 11,000 employees had received their pay in an “almost normal manner” and that all its suppliers had been paid.

The STM says it will not release further details pertaining to the nature of the attack, so as to not interfere with the investigation.

The STM is not the only local agency dealing with cyberattacks.

On Thursday, Quebec health minister Christian Dubé confirmed the CIUSSS Centre-Ouest-de-l’île-de-Montreal, a regional health agency, was also targeted.

As a preventative measure, the health authority shut down its networks in a bid to protect personal data.

The CIUSSS said an investigation into the matter has been launched and that so far, there is nothing to suggest that patient or staff information has been accessed or compromised.
