Skip to main content

TTC investigating ransomware attack that compromised multiple servers

Share
TORONTO -

The Toronto Transit Commission says it is investigating a ransomware attack that knocked down some of its communications system and affected a number of its services Friday.

In a statement issued Friday evening, the TTC said they first became aware of the attack Thursday when an IT employee discovered that there was an "unusual network activity."

The TTC said the impact of the hack was initially "minimal," but mid-Friday, "hackers broadened their strike on network servers."

"We discovered it late yesterday afternoon, late evening. And then today, it really, really became quite apparent. A number of our servers were compromised," TTC spokesperson Stuart Green told CP24.

"Right now, our priority is on securing our system. And then we'll figure out how it all happened and to make sure it doesn't happen again."

The attack has crippled the TTC's Vision System, which is used to communicate with vehicle operators.

"We do have radio backup, so there's no issue communicating with the operators," Green said.

Hackers also took down the 'Next Vehicle Information System' on platform screens, trip-planning apps, the TTC website, and the online Wheel-Trans online booking portal.

The TTC's internal email service was also affected.

"I'm talking to you on my personal phone because we don't have network systems here or network service here at the TTC office. So, I don't have email. I don't have internet service. So that's the kind of thing that's being impacted right now," Stuart said.

The TTC noted that there were no major service disruptions during the attack and "there is no risk to employee or customer safety."

Stuart said they have called in law enforcement and are working with cybersecurity experts, including the City of Toronto's IT department, to determine what happened.

"We think we've contained it by now. We do have to do some testing and some maintenance overnight just to make sure that our systems are secure and safe," he said.

When asked if the TTC has been contacted by hackers to ask for ransom, Stuart said, “As these things are criminal investigations, there’s nothing I can say about what’s going to happen there will let the police do their work, law enforcement.”

The TTC announced that it cancelling its planned subway closure on Saturday between St. Clair and College stations

"Our priority right now is on securing our system, making sure that we can get our customer information systems and our vision system fully back online," he said.

"We'll do some due diligence and make sure that we've addressed all the safety concerns that we have about our systems' security."

CTVNews.ca Top Stories

Stay Connected