Some transit workers tighten belts after payroll hit by ransomware

Protect yourself from online attacks that threaten your identity, your files, your system, and your financial well-being.

Article content continued

One consequence of the workaround is that overtime isn’t being paid out right now. But employees can request $500 bumps in their advance pay to account for expected shortfalls.

“Is it going to be 100 per cent accurate? No. But they’re giving us assurance that they’re willing to help out anybody who requests (it),” Mann said.

Asked whether he believed TransLink was prepared for the kind of attack it suffered, Mann said he did. He guessed it could still be a few weeks before the payroll system was back online.

Dominic Vogel, a cybersecurity expert and founder and chief strategist of Vancouver-based firm CyberSC, said it isn’t necessarily a poor reflection of a company’s technical capabilities when it’s hit by asuccessful ransomware attack. And hesaid it can be a very, very substantial task for a company and its IT team to repair the damage done in an attack.

“I guarantee they have been working tirelessly, even throughout the holidays to try and recover this,” he said.

Earlier this month in a news release, TransLink CEO Kevin Desmond confirmed the transit authority had been attacked.

“Upon detection, we took immediate steps to isolate and shut down key IT assets and systems in order to contain the threat and reduce the impact on our operations and infrastructure,” he said.

Desmond said TransLink planned to do a “comprehensive forensic investigation” to find out how the ransomware attack happened and what information might have been accessed. But he said TransLink uses a third-party payment processor for fare transactions and it doesn’t store fare payment data.