A hacker behind the recent ransomware attack on Montreal's transit agency, that shut down 624 operationally sensitive servers, has demanded $2.8 million in ransom to restore normal operations.
The ransomware attack resulted in the shutdown of around 1,000 of 1,600 servers operated by the Société de transport de Montréal (STM), the transit agency of Montreal. While normal bus and metro services were not affected, the reservation system for adapted transit went offline and so did the STM's website.
As a result of the ransomware attack, STM was not able to honour travel reservations made before 9:15PM on Sunday, and Montreal residents were unable to book new reservations or modify existing reservations. STM said in a recent statement that the attack took down 624 operationally sensitive servers but no passenger data was stolen by the hacker.
[Avis à la clientèle] 🚇🚌⚠️ Nous sommes toujours aux prises avec une panne majeure de nos systèmes informatiques causée par un virus de type rançongiciel.
Nous vous garderons à jour lorsqu'une plateforme sera à nouveau disponible.
— STM - Prenons soin de nous. (@stminfo) October 26, 2020
While the STM restored the reservation system for adapted transit this Sunday, its website is still down and a quarter of the affected operationally-sensitive servers are yet to be restored. The agency said that the hacker behind the ransomware attack has demanded a ransom of $2.8 million to restore normal operations but also said it will not comply with the demand.
As of now, STM's customer service team can be contacted by phone but since it does not have access to the computer system, it cannot respond to requests for routes and bus schedules. The computer failure has also affected data related to OPUS year-round and OPUS & Cie subscriptions, so it is not possible for people to subscribe, unsubscribe, or view their profile, whether online or by phone.
STM has not revealed the identity of the hacker nor has the agency disclosed which ransomware variant was used to target its systems. According to news reports, the hacker gained access to the agency's network through a phishing email prior to deploying the ransomware.