Categories: Security

San Francisco Public Transport Hit By Ransomware Attack

San Francisco’s public transportation authority, Muni, allowed city centre passengers to travel for free over the weekend after its systems were allegedly reportedly by ransomware.

Muni left turnstiles to its city centre light rail system open on Friday night and all day on Saturday and ticketing systems were halted as a result of the incident, which caused a ransom message to display on employees’ computer screens, according to local reports.

Ransomware

Turnstiles returned to operation on Sunday.

Muni declined to confirm that a ransomware attack had caused the problem.

“The incident remains under investigation, so it wouldn’t be appropriate to provide any additional details at this point,” the organisation said in a statement.

Local television station KPIX, however, published an image of an employee computer screen displaying what appeared to be a demand generated by ransomware, reading: “You Hacked, ALL Data Encrypted.”

The attacker claimed to have encrypted 2,112 systems out of 8,656 on the network of the San Francisco Municipal Transportation Agency (SFMTA), according to a report by local news website Hoodline, which contacted the individual using the email provided in the message.

Automatic infection

The hacker claimed to have encrypted systems handling functins including payroll, email servers, Quickbooks, NextBus operations, MySQL databases, staff training and staff PCs, and demanded 100 Bitcoin – currently worth about £59,000 – to unlock them.

The attacker provided the pseudonym “Andy Saolis”, which computer security researchers say is frequently used in connection with the HDDCryptor ransomware, and said they would give Muni until Monday to pay.

The attackers responded using broken English via an email address hosted on Russia’s Yandex Internet service.

They indicated SFMTA had been infected “automatically” rather than by a “targeted attack”. Most ransomware infections occur after an employee accidentally opens a malicious email attachment, according to researchers.

SFMTA’s backup servers weren’t affected, according to the list of systems provided by the attackers, meaning the agency might be able to restore the systems manually.

Ransomware attacks have increased dramatically in recent months, with those affected including hospitals and public authorities as well as banks and private individuals.

Do you know all about security in 2016? Try our quiz!

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

Ericsson To Cut 1,200 Jobs in Sweden Amid ‘Challenging’ Market

Swedish telecoms giant Ericsson blamed “challenging mobile networks market” and “further volume contraction” for job…

18 hours ago

FTX’s Sam Bankman-Fried Sentenced To 25 Years In Prison For $8bn Fraud

Dramatic downfall. Sam Bankman-Fried sentenced to 25 years in prison for masterminding $8bn fraud that…

19 hours ago

Elon Musk Orders FSD Demo For Every Tesla US Sale

Fallout avoidance? Tesla buyers in the US must be shown how to use the FSD…

20 hours ago

Amazon Pumps Another $2.75 Billion Into Anthropic

Amazon completes its $4bn investment into AI firm Anthropic, after providing an additional $2.75bn in…

22 hours ago

The Sustainability of AI

While AI promises unparalleled efficiency, productivity, and innovation, questions regarding its environmental impact loom large.…

1 day ago

Trump’s Truth Social Makes Successful Market Debut

Shares in Donald Trump’s social media company rose about 16 percent after first day of…

1 day ago