TransLink Confirms Ransomware Data Theft, Still Restoring Systems
upstart writes in with an IRC submission:
TransLink confirms ransomware data theft, still restoring systems:
Metro Vancouver's transportation agency TransLink has confirmed that the Egregor ransomware operators who breached its network at the beginning of December 2020 also accessed and potentially stole employees' banking and social security information.
TransLink announced on December 1, 2020, that the transportation network was experiencing issues with their computing systems following a cyberattack.
These information technology issues impacted the company's phones and online services, as well as the customers' ability to pay for fares with a credit card or debit card. TransLink's transit services were not affected by the IT problems caused by the ransomware attack.
"We are now in a position to confirm that TransLink was the target of a ransomware attack on some of our IT infrastructure," TransLink disclosed in a statement following the incident. "This attack includes communications to TransLink through a printed message."
[...] Egregor is a ransomware operation that partners with affiliates who hack into targets' networks and deploy ransomware payloads, earning 70% of the ransom payments with the Egregor operators getting a 30% revenue share.
The affiliates who infiltrate victims' networks are also known for stealing files before encrypting devices using Egregor ransomware and for using them as leverage under the threat of publicly leaking them unless the ransom is paid.
Egregor started operating in September 2020 after Maze shut down their operation, with many of the Maze affiliates switching to Egregor as threat actors told BleepingComputer.
Read more of this story at SoylentNews.