Ransomware Attacks Montreal Transit System: Cybercriminals Demand $2.8M

Cybercriminals recently used ransomware to temporarily shut down the website of Société de transport de Montreal (STM), the agency responsible for Montreal’s transit system, according to the Montreal Gazette. They also demanded a $2.8 million ransom payment; STM has refused to pay the ransom.

The ransomware attack occurred October 19 and disabled STM’s reservation system for adapted transit, Infosecurity Magazine reported. It caused an outage that affected 624 operationally sensitive servers, but STM’s bus and metro networks were unaffected by the attack.

STM’s paratransit reservation system was restored on October 25, and approximately 77 percent of the servers impacted by the attack have been restored thus far, Infosecurity Magazine indicated. As of October 29, STM continues to work on restoring the remainder of its servers affected by the attack.

Cybercriminals may have used a phishing email to gain access to STM’s network during the attack, the Gazette indicated. However, an investigation into the attack remains ongoing.

Cybercriminals Attack Montreal Health Agency

Along with the STM ransomware attack, hackers last week launched a cyberattack against Montreal health agency CIUSSS du Centre-Ouest-de-l’Île-de-Montreal, the Gazette reported.

After it discovered the cyberattack, CIUSSS disconnected its Internet service and barred remote access to its network, the Gazette stated. Meanwhile, the personal information of CIUSSS staff and patients was not accessible or compromised during the cyberattack.

CIUSSS is working with cybersecurity professionals to address the incident. It also is encouraging staff to ensure that all patient-care material is printed or moved to a secure external storage device and verify that all new documents are stored on a secure USB key or printed.

Return Home

1 Comment



    Thank you Dan for posting latest information on Ransomware!! Despite a recent decline, ransomware is still a serious threat. Thanos is the newest ransomware, discovered in March 2020. It is sold as ransomware as a service, It is the first to use the RIPlace technique, which can bypass most anti-ransomware methods.

    Be careful with all kinds of data breaches!!!

Leave a Reply

Your email address will not be published.