The Toronto Transit Commission (TTC) unveiled that its IT systems had suffered a ransomware attack.
The transit operator said that the hackers began their attack last Thursday night, spilling over to Friday the next day. A spokesperson said that the cyberattack has not caused any significant disruption to transit service and that neither the public nor TTC employees are at risk.
"The full extent of the attack is being looked into and the TTC is working with law enforcement and cybersecurity experts on the matter," TTC spokesperson Stuart Green said in a release last week. Green added that the operator is working with law enforcement and cybersecurity experts, and that the City of Toronto’s IT services department has also been consulted on the matter.
New details regarding the ransomware attack have surfaced over the weekend.
Shabnum Durrani – head of corporate communications at TTC – spoke with IT World Canada, explaining that the ransomware attack’s impact on TTC’s bus and subway service has so far been “minimal.” However, Durrani also noted that the malware managed to knock down TTC’s Vision communications system, which is used to communicate with drivers. This has forced the operators to rely on radios to communicate with transit control. TTC’s internal email was also taken down – but Durrani could not say if the attackers managed to copy staff emails or corporate data.
Durrani also said that the ransomware has disabled the Wheel Trans van service, preventing users from booking online. TTC’s ‘next vehicle’ information service, which shows when the next bus or subway train arrives on platforms, was also disabled due to the malware.
When asked if the TTC has figured out how the cyberattack started, and which type of ransomware was involved, Durrani said that the company is still “looking into the situation.” And when asked if TTC has been in contact with the ransomware attackers, the communications head said that the operator is unable to comment at this time.