The organization that attacked the Société de transport de Montréal (STM) and has crippled its computer network for the past week is a powerful group of hackers that began carrying out attacks in the United States earlier this year.
According to our information, it was the RansomExx group that attacked the STM. The organization has a reputation for carefully planning its attacks.
“They target large organizations and take the time to understand what they are infecting to get a good idea of the ransom they can ask,” said Alexis Dorais-Joncas, security intelligence team leader at the antivirus firm ESET.
In mid-May, RansomExx attacked the Texas Department of Transportation, the equivalent of the Department of Transportation in Quebec. A week earlier, the hacker group had already attacked the Texas justice system.
In late July, these hackers, formerly working under the name Defray777, attacked the multinational Konica Minolta and, a few weeks later, the optical equipment firm IPG Photonics.
No ransom demand, says the STM
On Monday, the STM said the hackers did not send it a ransom demand.
“No, we have not received a ransom note. In any case, our policy is not to act on such requests,” said spokesperson Amélie Régis.
The STM’s IT teams are in the process of restoring the various systems from recent backups, a tedious operation, according to the carrier.
Montreal public transport users have not suffered too much: since the attack on Monday, buses and the metro have not stopped running, and it is still possible to buy all tickets in the metro stations and on the online OPUS platform.
However, the November STM monthly pass cannot be purchased in pharmacies and convenience stores for the moment, and the website remains inaccessible.
Suppliers and employees on standby
However, companies doing business with the STM as well as employees suffered the repercussions of the attack.
STM suppliers were informed on Friday that their invoices could not be paid at this time. “We are in 2020, it is not normal that the STM is able to operate its bus and metro services, but does not have a plan B to pay its suppliers,” argued one of them, on condition of anonymity.
The STM could not indicate the number of suppliers affected by the attack, but said that teams are already working to pay them.
The outage caused by the attack will also deprive nearly 2,500 STM employees of part of their pay. In an internal statement released on Friday, the carrier said the outage prevented it from paying bonuses and overtime to its bus drivers, metro operators and station agents.
These amounts will be paid when the situation is restored, said the STM.