The San Francisco transport system, also known as Muni, is the latest to be hit by criminals using ransomware. Such attacks have become a nuisance in recent times, knocking out businesses and even entire hospitals with their infections.
San Francisco transport system back online
A previously known PC form of ransomware made its way onto the computers at the Municipal Transportation Agency this weekend. It affected the city’s light rail system, the Muni, which looks after trains, buses, trams and San Francisco’s iconic cable cars.
There was a brief message on the Muni ticketing systems on Saturday, reading, “You Hacked, ALL Data Encrypted.”
Reports state that the hackers tried to explain, in broken English, that their attacks weren’t targeted, suggesting that Muni was the victim of a so-called “spray and pray” attack, notes Forbes.
“We don’t attention to interview and propagate news! Our software working completely automatically and we don’t have targeted attack to anywhere! SFMTA network was Very Open and 2000 Server/PC infected by software! So we are waiting for contact any responsible person in SFMTA but I think they don’t want deal! So we close this email tomorrow!” the hackers wrote.
The attack, however, did not shut down the network; it simply led to machines being turned off and passengers being allowed to grab free rides. The Muni’s systems appear to have been cleaned of infection.
Muni spokesperson Paul Rose told the media that the attack did not impact the transit service, but the agency opened the fare gates as a precaution to minimize customer impact. They refused to provide any further information, citing ongoing investigations.
Hackers demanded 100 Bitcoin
The hackers reportedly demanded 100 bitcoin, which is worth $70,000, says a report from Forbes. It’s highly unlikely that the hackers were paid, as the systems are back online.
The BBC learned from the San Francisco news site Hoodline that the hacker claims to have infected more than 2,000 machines in the Muni’s network with the ransomware. It appeared as if many employee terminals and also the machines that might have been used for payroll and storing employees’ personal information had been infected with the ransomware, says the BBC.
The hackers behind the incident have a long history of demanding ransom from web users. They communicate with the victims through the address Cryptom27@yandex.com, telling them that they needed to pay for an encryption key to secure access to their data.