Hackers Target San Francisco’s Transit System, Riders Get Free Trips


Over the weekend, San Francisco’s transit agency had to shut down ticket machines on all its light-rail vehicles. Hackers demanded a ransom of 100 bitcoins (the equivalent of $73,000) to let the agency regain control over its own servers.

Fortunately, the cyber attack did not affect the train service. Thousands of riders, however, used the agency’s public transport vehicles free of charge for two full days.

An Ongoing Investigation

On Sunday, the Municipal Transportation Agency (Muni) restored all ticket machines. In addition, dozens of transit workers reported the hack affected their email accounts as well. Reportedly, employees couldn’t access their emails on Friday and Saturday.

Spokesman Paul Rose disclosed the agency started an internal investigation into the matter. Investigators want to learn how hackers gained access to the agency’s system. On Sunday, Rose said the agency intends to investigate the issue “fully.” He also stated that the transit service, customers’ private data and the security of the system are out of harm’s way.

Passengers first learned about the hack on Friday, when ticket machines displayed the message “You Hacked, ALL Data Encrypted.” Unnamed sources said the message contained an email address for arranging the ransom. A Russian internet service provider is reportedly behind the address.

What is Ransomware?

“Ransomware” is malicious software that cyber criminals use to lock victims out of their computer systems; the sum of money they then request to restore access is the ransom. On a smaller scale, hackers can just encrypt specific documents on a device and demand a ransom for the decryption key.

However, to take your computer hostage, hackers need to infect it with malicious software first. This is often done with help from the victim. People who click on suspicious links in spam email messages or enable macros in a suspicious file are very likely to fall for the scam.

Cyber security experts claim the only way out is to have a backup of the files or a full system restore. Ransomware creators usually press their victims by establishing a short deadline to make the payment. After the deadline, the ransom either goes up or the data is lost forever.

Problem Fixed on Sunday

In the face of such a threat, the SF transit agency took all its systems offline. Instead, it opened the fare gates until Sunday. Nonetheless, it is unclear how the agency fixed the problem. Furthermore, it said customers’ fare purchase information was not affected, as it is stored on the servers of another agency.

Rose did not go into specifics about the investigation. He said it would be “inappropriate” to give such details, citing an ongoing investigation. The agency’s workers are concerned the hack may postpone paycheck day. About 6,000 people could be affected.

Muni operates hundreds of trams, buses, cable cars, and trains around San Francisco. According to anonymous sources, hackers released a list with all the affected machines. The hack impacted over 2,000 machines across Muni’s network. As of Sunday, hackers said the agency had one more day to pay the money.
