San Francisco Municipal Railway
Hacker/s have breached San Francisco’s transport network, posting messages on computer screens that read “You Hacked, ALL Data Encrypted. Contact For Key(cryptom27@yandex.com)ID:681 ,Enter”.
The attack rendered useless office admin desktops, email and print servers, employee laptops, payroll systems, SQL database, station kiosk PCs and lost and found property terminals.
A report by The Register suggested that over 2,000 systems were hit by a variant of the HDDCryptor ransomware strain.
After the attack, according to reports, passengers using the San Francisco Municipal Railway (MUNI) were allowed to ride for free.
“There’s no impact on the transit service, but we have opened the fare gates as a precaution to minimise customer impact,” MUNI spokesperson Paul Rose told a CBS affiliate. “Because this is an ongoing investigation it would not be appropriate to provide additional details at this point.”
Mark James, security specialist at ESET, referred to the MUNI spokesperson’s comments about the lack of impact on customers. He said: “Sadly the impact is beyond actual data theft and more about the people’s concern over the ability to protect their data.”
Yesterday morning (in San Francisco), ticketing machines were back online.
It is still not evident, however, whether the attack has been contained or whether the hacker/s have been identified.
A local news site, Hoodline, suggests the hacking group responsible for the attack is called Andy Saolis.
The report says it launched the ransomware known as Mamba.
Security experts have offered an explanation as to how this could have happened.
They have suggested that the hack originated with a phishing scam that gained access to a MUNI staffer’s credentials, which in turn allowed the attackers to launch the ransomware attack.
Payment
The Verge reported that the hacker/s confirmed they were negotiating a deal with MUNI.
In a bid to show the systems could be restored, the hacker/s supposedly offered to decrypt one machine for one bitcoin.
Leon Pinkney, SOC director at Redscan, commented that the disruption to San Francisco’s transit system serves “as yet another example of hackers’ ability to interfere with our daily lives”.
“As cities become smarter, more investment in cyber security is needed to protect public safety and uphold confidence in the services we rely on so heavily.”