San Francisco’s transport agency has been targeted by a cyberattack by hackers who demanded a ransom of 100 bitcoins, approx. $70,000.
Over 2,000 systems belonging to San Francisco’s public transit agency was targeted by a ransomware attack that struck over Thanksgiving weekend.
The agency’s ticketing machines across the city, including stations, were disabled as a precautionary measure. However, a message from the attackers was prominently displayed across screens and it simply read:
“You Hacked, ALL Data Encrypted. Contact For Key(email@example.com)ID:681 ,Enter”
Speaking to the BBC, a spokesman for the city’s transport agency claimed that no customer’s personal information was compromised, while confirming that an investigation is underway.
“There has been no impact to the transit service, to our safety systems or to our customer’s personal information,” the spokesman stated.
The Muni, San Francisco’s Municipal Transport Agency, has trains, trams and buses of San Francisco under its purview, along with the city’s beloved cable cars.
According to the Register, a total of 2,112 computers were compromised with a variant of the HDDCryptor malware. Compromised systems include office admin desktops, CAD workstations, employee laptops, payroll systems, email and print servers, lost and found property terminals as well as station kiosk PCs that sell tickets. The publication claims that the attackers reached out to them via email, further revealing that this particular variant of malware attacked the agency’s network and was able to reach the domain controller belonging to the organization, before compromising network-attached Windows systems.
The 100-bitcoin ransom demand is sought by the cybercriminals in exchange for the master decryption key to restore affected drives and files. As things stand, the bitcoin wallet is empty. Meanwhile, ticketing machines at the Muni are back up and its turnstiles were left open since Friday night, allowing San Francisco citizens to travel for free.
Image credit: Pixabay.