Skip to content ↓ | Skip to navigation ↓

A public transport agency operating in Montréal announced that a ransomware attack had affected its website and other systems.

The Société de transport de Montréal (STM) disclosed the infection on a web page it created to keep customers updated about its services while its main site remains offline:

Since the afternoon of October 19, the STM has been dealing with a ransomware computer virus that has caused a major failure affecting multiple platforms, including our website.

We will update this page as the situation changes. Rest assured that our teams are working tirelessly to resolve the situation as quickly as possible so that you can keep riding with us.

In its statement, STM noted that individuals could still contact customer service. It did clarify that its representatives weren’t able to access the agency’s computer system at the time of writing, however, and were therefore unable to provide information about bus routes and schedules.

STM revealed that métro and bus service was normal but that after-sales service was not available. Additionally, it said that its paratransit services would honor medical and work trips with a reservations beginning on October 21 after it canceled all trips except for those regarding medical appointments on the previous day.

As of this time, the agency had not found evidence to suggest that the attack had affected its employee or customer information.

The statement released by the Société de transport de Montréal didn’t provide insight into how the attack occurred or what family of ransomware was responsible for the infection.

Citing someone familiar with the investigation, Bleeping Computer reported the RansomExx gang had been responsible. Wielding a rebranded version of the Defray777 ransomware, the RansomExx attackers have a history of compromising an organization’s network, stealing unencrypted files, spreading laterally through the network and gaining access to the Windows domain controller before deploying their crypto-malware payloadsp.

News of this attack arrived approximately four years after San Francisco’s transport system, known as Muni, suffered a ransomware attack that forced the network to offer free rides to passengers.