Sometimes malware gives a gift to ordinary people.
That’s what happened Tuesday at an Ottawa parking garage when apparently an Internet-connected parking control system was attacked. When people left for the day they didn’t have to scan their parking passes or pay for parking. The entry gate was up and anyone could park for free.
One of those using the lot was Spencer Callaghan, a spokesperson for the Canadian Internet Registry Authority (CIRA), which oversees the .ca domain. He took and posted a photo of a parking payment screen on Wednesday which said, “All your files have been encrypted,” suggesting the system had been hit by ransomware.
One Ottawa resident who also uses the lot tweeted a photo of a paper sign from Precise ParkLink of Toronto, which manages the garage system, that had been posted over parking pass scanner an said, “All pay stations are out of service.”
ITWorldCanada.com tried to reach out to Precise ParkLink this morning for comment. A company official said she would call back, but no call had been received by publication time. Bleeping Computer, which is also following the story, couldn’t get a reply either.
The underground parking lot is part of the TD Place Stadium complex, which includes the stadium where the CFL’s Ottawa RedBlacks play, a hockey arena and an office building with restaurants where CIRA has its headquarters.
Although CIRA doesn’t know how the system was brought down, Callaghan noted in his blog that a CIRA survey 37 per cent of Canadian businesses said don’t have anti-malware protection installed and 71 per cent did not have a formal software patching policy. “Hackers are starting to exploit those gaps at companies of all sizes and industries,” he wrote. “The problem is no longer exclusive to large corporations or data-rich organizations. The tools hackers use are cheap, easy to find, and simple to use, which makes hacking for fun or profit easier than ever.”
In an interview this morning Callaghan said the purpose of the blog was to raise awareness about cyber security.