Menu
San Francisco Muni says server data not accessed in ransomware hit

San Francisco Muni says server data not accessed in ransomware hit

The alleged ransomware attacker has reportedly threatened to release data stolen from the transit system

The San Francisco Municipal Transportation Agency said late Monday that no data had been accessed from its servers in a ransomware attack on the Muni transit system and the agency has never considered paying the ransom asked by the attacker.

The statement by the SFMTA follows reports that the alleged attacker has threatened to dump 30GB of data stolen from the agency, if the ransom of the equivalent of about $73,000 in bitcoin was not paid.

“The SFMTA network was not breached from the outside, nor did hackers gain entry through our firewalls,” the agency’s spokeswoman Kristen Holland wrote in a blog post. She did not mention how the ransomware had got to the SFMTA systems, though there is the possibility that it may have been activated through a link in an email or a web link by an unsuspecting insider.

The malware had been used to encrypt some systems, mainly affecting some 900 office computers, as well as access to various systems, Holland added.

The attack on the transit system last week served to highlight the risk to critical, public infrastructure from cyberattacks, leading some people to voice concern about the safety of the operations of the transit system.

The post tries to address such concerns by stating that Muni operations and safety were not affected and customer payment systems were not hacked.  The payroll system was in operation but access to it was temporarily affected, according to the SFMTA post.

The transit system was hit by ransomware since Friday, reportedly leading to the message “You Hacked, ALL Data Encrypted” being displayed on the computer screens at stations.

SFMTA in coordination with partner Cubic Transportation Systems decided to turn off ticket machines and faregates in the Muni Metro subway stations from Friday to Sunday morning only as a precaution. In the event, passengers benefited from a free ride during those days.

The agency has approached the Department of Homeland Security for help to identify and contain the virus, and is working closely with DHS and the FBI on the attack.

“The SFMTA has never considered paying the ransom,” to the attacker, according to the post. The agency’s information technology team is restoring the systems, with all computers expected to be functional in the next day or two. Most affected computers are already back in operation, SFMTA said.

The ransomware is believed to be a variant of HDDCryptor, which uses commercial tools to encrypt hard drives and network shares, and was identified in September by Trend Micro as a threat both to consumers and enterprises as it not only "targets resources in network shares such as drives, folders, files, printers, and serial ports via Server Message Block (SMB), but also locks the drive."

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Featured

Slideshows

Arrow exclusively introduces Tenable Network Security to A/NZ channel

Arrow exclusively introduces Tenable Network Security to A/NZ channel

Arrow Electronics introduced Tenable Network Security to local resellers in Sydney last week, officially launching the distributor's latest security partnership across Australia and New Zealand. Representing the first direct distribution agreement locally for Tenable specifically, the deal sees Arrow deliver security solutions directly to mid-market and enterprise channel partners on both sides of the Tasman.

Arrow exclusively introduces Tenable Network Security to A/NZ channel
Examining the changing job scene in the Kiwi channel

Examining the changing job scene in the Kiwi channel

Typically, the New Year brings new opportunities for personnel within the Kiwi channel. 2017 started no differently, with a host of appointments, departures and reshuffles across vendor, distributor and reseller businesses. As a result, the job scene across New Zealand has changed - here’s a run down of who is working where in the year ahead…

Examining the changing job scene in the Kiwi channel
​What are the top 10 tech trends for New Zealand in 2017?

​What are the top 10 tech trends for New Zealand in 2017?

Digital Transformation (DX) has been a critical topic for business over the last few years and IDC is now predicting a step change as DX reaches macroeconomic levels. By 2020 a DX economy will emerge and it will become the core of what New Zealand industries focus on. From the board level through to the C-Suite, Kiwi organisations must be prepared to think and act digital when the DX economy emerges in 2017.

​What are the top 10 tech trends for New Zealand in 2017?
Show Comments