Tag Archive for: recovering

Toronto Transit Commission still recovering from ransomware attack


IT staff at the Toronto Transit Commission (TTC) were still dealing with the effects of a ransomware attack on Saturday afternoon, approximately 40 hours after suspicious network activity was detected.

Asked if the TTC has determined how the attack started and identified the strain of ransomware involved, Shabnum Durrani, head of corporate communications, said, “We are still looking into the situation.”

She stressed that the impact on the bus and subway service of the nation’s biggest transit system so far has been minimal, although its Vision communications system, used to communicate with drivers, has been knocked offline. Operators have been forced to communicate with Transit Control with radios.

In addition, those needing to use the Wheel Trans van service for transit can’t book online. Instead they have to phone to reserve pickup.

Also offline is the TTC ‘next vehicle’ information service, which displays when the next bus or subway train will arrive on platforms and on trip planning apps.

The TTC’s internal email service is also offline. Durrani couldn’t say if the attackers were able to copy emails of employees, nor could she say if any corporate data was copied. These issues are still being investigated, she said.

Durrani also wouldn’t say if the TTC has been in contact with the attackers. “I cannot comment on that at this time,” she said.

When asked if the TTC has brought in more IT resources to help investigate and restore service, she said the commission is working with other partners, and on the question of whether the Ontario government has been asked for help, she responded that “all levels of government are aware of the situation. We are working with the Toronto Police.”

She added, “The TTC has business continuity plans in place, but as you know, cyber attacks are evolving very quickly.”

Not the first attack on a transit system

A number of transit systems have been impacted by ransomware in recent years, noted Brett Callow, a British Columbia-based threat analyst for Emsisoft. These include British Columbia’s TransLink, which was hit with a $7.5 demand late last year.

In 2016 San Francisco’s transit system was hit by ransomware,…

Source…

Northern Ontario police force recovering from ransomware attack


A Northern Ontario police force is still trying to recover from a ransomware attack last week.

Sault Ste. Marie, Ont., police put out a statement today saying its 911 service was not affected, nor was its online reporting system for less urgent crimes. “At no time was our ability to respond to calls for service compromised,” the statement said.

However, the force’s email service isn’t available. It has not said whether its police dispatch or records systems were impacted.

The statement said the force became aware of the ransomware attack on Thursday, August 26th, and added, “Information Technology staff are working through the attack to regain access to affected systems.”

Government departments and services such as police forces are considered by some attackers to be prime targets on the assumption they are more likely to pay a ransom because they provide critical infrastructure services.

Earlier this year, those behind the ransomware attack on the Washington, D.C. police force threatened to release copied personal data on police officers and informants unless a US$4 million ransom was paid. The department offered $100,000, which was reportedly refused. After that, extensive profiles of 22 officers, including their Social Security numbers and dates of birth, were published, possibly putting them at risk.

Ransomware gangs operate at two levels: Some are wholly-contained operations, while others run ransomware-as-a-service (RaaS) operations, where affiliate members actually do the targeting and hacking. Some cybersecurity vendors report RaaS gangs have lately become nervous as their affiliates target high-profile targets — such as hospitals and pipelines — which are more likely to attract hostile public reaction and the combined attention of law enforcement.

For example, after attacking the U.S. Colonial Pipeline — which resulted in the pipeline being temporarily shut down and creating long lines at East Coast gas stations — the web servers of the Darkside ransomware group were seized, as well as its payment server. It is assumed the U.S. had something to do with that.

Subsequently the Darkside group apparently re-emerged calling itself BlackMatter. It listed a number of…

Source…

Florida Heart Associates recovering from ransomware hack


CAPE CORAL, FLA — Cybersecurity experts, like Florida Gulf Coast University’s Eugene Hoyt, say hacking is on the rise.

“It’s a serious uptick right now,” he said. “So it’s not just the large government agencies being hacked, you’re having local governments being hacked and all the way down to individuals.”

And one of the more popular types being used is ransomware.

“Basically trying to get you to click on links that look legit to gain access to your computer,” he said.

Once the hackers are in, they lock down your system and demand a ransom to release it.

So, should you pay the ransom?

“I highly say ‘no,’” said Hoyt.

However, Hoyt also adds that sometimes companies have to pay or risk losing everything.

It’s a sticky situation that the CEO of Florida Heart Associates, Todd Rauchenberger, tells FOX 4 the company found itself in, in May.

They ultimately chose not to pay and were able to get control back, but not before hackers took down their phone lines and essentially destroyed their entire system.

The family of an FHA patient says they’ve been trying to get their loved one seen by a doctor for months.

“You can’t get in to get an appointment,” said Brittany Wallace, “No one ever called and then we get a letter in the mail a couple of weeks after that stating that patients’ information was [exposed] or that their system was hacked.”

And Wallace says the hack came at a scary time.

“One of his important medications that he didn’t have any refills on was about to run out,” he said.

FHA tells FOX 4 that they’ve lost staff as a result of the hack and only just got their phones back online.

In all, they estimate that they’re operating at about 50 percent right now.

And in order to accommodate families, like the Wallaces, FHA is now taking walk-in appointments.

That family says that’s something they’ll be taking advantage of, but they’re also encouraging other patients to share their concerns.

“The squeaky wheel gets the grease, you just have to keep calling and like you said, walk-in,” said Wallace.

Rauchenberger also tells FOX 4 that they’re hoping to be back up and fully running by late August or early September. In the meantime, if you have questions about the hack they have set up a call center. You…

Source…

Sarasota’s Florida Studio Theatre recovering from ransomware attack


Florida Studio Theatre’s computer systems were shut down by a ransomware attack that is under investigation by the Sarasota Police Department and other law enforcement agencies.

Florida Studio Theatre was hit by a ransomware attack on its business systems over Valentine’s Day weekend that compromised some internal office files, but Managing Director Rebecca Hopkins said Thursday there is no evidence so far that any patron information or credit card numbers were affected.

The attack happened on Feb. 12 and “basically shut us down. It shut down our network. We reacted immediately to it of course, but it was basically a business interruption,” she said.

Theater staff was unable to access some project files until they were recreated in a safer system.

Hopkins said the theater immediately reported the attack to the Sarasota Police Department. Genevieve Judge, SPD public information officer, confirmed the case is under investigation and that police are working with “other local, state and federal law enforcement partners. These are often long and lengthy investigations that can take months.”

Source…