The Toronto Transit Commission (TTC) is investigating a ransomware attack that took down several systems and services on Friday afternoon.
TTC spokesperson Stuart Green said IT staff were first alerted to “unusual network activity” on Thursday evening.
The impact of the attack was initially “minimal,” but around midday Friday, the hackers “broadened their strike on network servers.”
The attack knocked down the TTC’s Vision System, which transit control uses to communicate with vehicle operators. Staff are still able to communicate via radio.
Hackers also took out the “Next Vehicle Information System” on platform screens, trip planning apps, and the TTC’s website.
Online Wheel Trans bookings are unavailable as well, as is the TTC’s internal email service.
As of Saturday morning, all the aforementioned systems and services continue to be down, Green said, noting that staff are working “safely and securely” to restore them.
He did not specify whether the hackers had requested a ransom.
#TTC staff and external cybersecurity experts continue to troubleshoot yesterday’s ransomware attack.
Systems impacted by the attack are still down but we’re working to safely and securely restore them.
Yesterday’s statement with alt text below. pic.twitter.com/uGVFByYIKT
— TTCStuart 🚈🗣️ (@TTCStuart) October 30, 2021
- You might also like:
- TTC to reduce service due to employees not complying with vaccine mandate
- Ontario reports just over 350 new COVID-19 cases, four deaths
- There's going to be traffic on Toronto's Danforth Avenue for two months
“The full extent of the attack is being looked into, and the TTC is working with law enforcement and cybersecurity experts on this matter,” Green said.
“This incident did not cause significant service disruptions and here is no risk to employee or customer safety.”
As a result of the attack, the TTC has cancelled a subway closure scheduled for Saturday between St. Clair and College stations.