On December 1st, transportation agency TransLink announced that they were having issues with systems that affected phones, online services and payment processing. The transit services themselves were unaffected. Once payment systems were restored, TransLink confirmed that the incident had been a ransomware attack that included a ransom note printed on the victim’s printer equipment by the malware. Jordan Armstrong, a reporter for Global BC tweeted a picture of the printed ransom note which displayed links to the Egregor live chat website.
Written by: Nataliia Zdrok, Threat Intelligence Analyst at Binary Defense Russia’s invasion of Ukraine increased