Toronto Transit Commission still recovering from ransomware attack

IT staff at the Toronto Transit Commission (TTC) were still dealing with the effects of a ransomware attack on Saturday afternoon, approximately 40 hours after suspicious network activity was detected.

Asked if the TTC has determined how the attack started, and identified the strain of ransomware involved, Shabnum Durrani, head of corporate communications said, “We are still looking into the situation.”

She stressed that the impact on the bus and subway service of the nation’s biggest transit system so far has been minimal, although its Vision communications system used to communicate with drivers, has been knocked offline. Operators have been forced to communicate with Transit Control with radios.

In addition, those needing to use the Wheel Trans van service for transit can’t book online. Instead they have to phone to reserve pickup.

Also offline is the TTC ‘next vehicle’ information service, which displays when the next bus or subway train will arrive on platforms and on trip planning apps.

The TTC’s internal email service is also offline. Durrani couldn’t say if the attackers were able to copy emails of employees, nor could she said if any corporate data was copied. These issues are still being investigated, she said.

Durrani also wouldn’t say if the TTC has been in contact with the attackers. “I cannot comment on that at this time,” she said.

When asked if the TTC has brought in more IT resources to help investigate and restore service, she said the commission is working with other partners, and on the question of whether the Ontario government has been asked for help, she responded that “all levels of government are aware of the situation. We are working with the Toronto Police.”

She added, “The TTC has business continuity plans in place, but as you know, cyber attacks are evolving very quickly.”

Not the first attack on a transit system

A number of transit systems have been impacted by ransomware in recent years, noted Brett Callow, a British Columbia-based threat analyst for Emsisoft. These include British Columbia’s TransLink which was hit with a $7.5 demand late last year.

In 2016 San Francisco’s transit system was hit by ransomware,…