The public transport system Montreal Transport Company (STM) Montreal ransomware attacked by RansomExx, which affected the services and online systems. On October 19, there were outages at STM that affected the systems IT, its site and customer service.
While these interruptions did not affect the operation of buses or subway systems, people with disabilities rely on the door-to-door service paratransit of STM, are affected, as it uses an online registration system.
Earlier this week, STM announced that the outages were caused by a computer virus that significantly affected various platforms. Montreal's public transport system later confirmed that it had been attacked by ransomware, stressing that it was cooperating with authorities as well as experts. security to restore the systems and investigate it attack. The official announcement issued for this security incident stated the following: "The Société de transport de Montréal (STM) would like to inform its customers that the outages on the afternoon of October 19 are the result of a kind of ransomware that targets all applications, despite the various mitigation defenses. and the prevention of such risks. "
Additionally, the STM site is currently down, however, visitors are being redirected to www.lastm.info, where information is published on public transport and the attack.
An insider familiar with the situation reported that the STM was attacked by RansomExx ransomware. This is a new variant of it Defray777 ransomware that was observed last June, having carried out attacks against organizations such as Texas Department of Transportation, Konica Minolta, IPG Photonics and Tyler Technologies.
According to BleepingComputer, RansomExx operators aim to break into a network and steal unencrypted archives. Once they have access to the controller domain of Windows, develop ransomware on all devices on the network. It is not known at this time whether the STM has contacted ransomware operators or negotiated a ransom.