There has been another ransomware attack on a public organization. The malware was used to extort money from a number of hospitals earlier this year, but the victim in this latest instance was San Francisco Municipal Railway’s Muni station computer system.
In what sounds like something straight out of Watch Dogs 2, Muni passengers traveled for nothing on November 26 after ticketing kiosks were shut down and “Metro Free” signs appeared on ticket machines following Friday’s attack.
Computer screens at stations were disabled, displaying the message: "You Hacked, ALL Data Encrypted. Contact For Key(firstname.lastname@example.org)ID:681 ,Enter." The city’s trains were not affected.
Hoodline reports that Muni’s computers were hit with the HDDCryptor ransomware, also known as Mamba. A hacker or hackers using the alias “Andy Saolis” demanded 100 Bitcoins – around $73,000 – in exchange for the decryption key.
Of the agency’s 8656 computers, 2112 were affected by the attack, which compromised database servers, email, training, and payroll systems. Backup servers did not appear to be impacted.
As is often the case with ransomware attacks, it’s suspected that the hackers used a phishing scheme, in which a company employee unknowingly installed the malicious software via a deceptive email.
Ticket machines returned to working order on Sunday, though it’s not clear how the agency got the system back up, or whether the rest of the network is still locked down.
Ransomware continues to be a popular tool for hackers to extort money from individuals and organizations. Hollywood Presbyterian Medical Center was one of several hospitals that fell victim to the malware in 2016. It was only able to regain control of the locked systems after paying the equivalent of $17,000 to the attackers.