Muni Hacked With “All Data Encrypted” Message, Hackers Demand “$73,000” In Ransom
The San Francisco Municipal Transit Agency (SFMTA) computers were hacked last weekend, resulting in free Muni rides for passengers. However, it has now been reported that computer systems at San Francisco’s transit system, Muni, have been restored following a malware attack on Friday afternoon.
Following the attack, payment systems across the agency’s subways read “OUT OF ORDER” in large red digital letters at Powell Station, Embarcadero Station and other stations across The City.
Passengers were not able to purchase transit tickets as a result of the malfunction. The fare machines at all the stations on Friday and Saturday displayed the message, “You Hacked, ALL Data Encrypted. Contact For Key([email protected])ID:681 ,Enter,” according to SFMTA spokesman Paul Rose. The transit authorities opened fare gates on Saturday to “minimize customer impact,” as they were unable to charge passengers for fares.
On Sunday morning, Muni officials said fare gates and machines were operating again at Powell station and elsewhere. However, it is unclear how many computer systems at SFMTA remain compromised, and how many have been restored to working order.
As of late Sunday, Muni drivers were being assigned routes via handwritten notes posted to bulletin boards rather than the usual computer printouts, which Muni operators verified on background.
The attack itself was a ransomware scheme asking for 100 bitcoins (about $73,000) to unlock more than 2,000 compromised transit system computers, according to The Register:
These systems appear to include office admin desktops, CAD workstations, email and print servers, employee laptops, payroll systems, SQL databases, lost and found property terminals, and station kiosk PCs. It appears the malware was able to reach the agency’s domain controller and compromise network-attached Windows systems. There are roughly 8,500 PCs, Macs and other boxes on the agency’s network.
After the vulnerable computers were infected and their storage scrambled, they were rebooted by malware and, rather than start their operating system, they instead displayed the message: “You Hacked, ALL Data Encrypted, Contact For Key ([email protected]) ID:601.”
While the Muni hacker’s intentions are still unknown, The Verge included this email from the hacker: “We don’t attention to interview and propagate news ! our software working completely automatically and we don’t have targeted attack to anywhere ! SFMTA network was Very Open and 2000 Server/PC infected by software ! so we are waiting for contact any responsible person in SFMTA but i think they don’t want deal ! so we close this email tomorrow!”
On the other hand, KPIX-TV reports, citing an unnamed transit authority source, that the computer system had actually been hacked days in advance, but officials declined to provide additional information on the attack.
“Because this is an ongoing investigation it would not be appropriate to provide additional details at this point,” Rose told the station.