Hacker behind Montreal transit agency cyberattack asks for $2.8M ransom

Passengers board a train on the Montreal métro at Lionel-Groulx station in the city's Sud-Ouest borough. The transit agency says it will not pay a ransom following an Oct. 19, 2020 cyberattack. Benson Cook / Global News

The Société de transport de Montreal (STM) said it has no intention of paying a ransom demand it received on Wednesday evening.

“Following communication with the hacker, a ransom demand of US $ 2.8 million was made,” the STM said in a statement published Thursday.

“The STM maintains its decision not to act on this request.”

Read more: STM still investigating widespread outage sparked by ransomware attack

Launched on Oct. 19, the attack affected 1,000 of the transit agency’s 1,600 servers. Of those, 624 are considered operationally sensitive.

By Thursday, the STM said that 77 per cent of the 624 servers had been restored, “thanks to the hard work of IT teams.”

Story continues below advertisement

An ongoing investigation has yet to formally identify the virus used in the attack.

The STM said, however, that the ransomware attack was similar to RansomExx and that it happened as the result of a phishing email.

Read more: Computer virus knocks STM’s website offline

While the STM’s website was knocked offline, the company says that no data was stolen and that bus and metro services were not affected.

Meanwhile, the agency’s paratransit reservation system was restored on Oct. 25.

Furthermore, the STM said that its 11,000 employees had received their pay in an “almost normal manner” and that all its suppliers had been paid.

The STM says it will not release further details pertaining to the nature of the attack, so as to not interfere with the investigation.

Click to play video: 'Cyberattack at Montreal health centre prompts information system shutdown' Cyberattack at Montreal health centre prompts information system shutdown
Cyberattack at Montreal health centre prompts information system shutdown – Oct 29, 2020

The STM is not the only local agency dealing with cyberattacks.

Story continues below advertisement

On Thursday, Quebec health minister Christian Dubé confirmed the CIUSSS Centre-Ouest-de-l’île-de-Montreal, a regional health agency,  was also targeted.

Read more: Cyberattack at Montreal health centre prompts information system shutdown

As a preventative measure, the health authority shut down its networks in a bid to protect personal data.

The CIUSSS said an investigation into the matter has been launched and that so far, there is nothing to suggest that patient or staff information has been accessed or compromised.

Sponsored content