Menu
San Francisco Muni says server data not accessed in ransomware hit

San Francisco Muni says server data not accessed in ransomware hit

The alleged ransomware attacker has reportedly threatened to release data stolen from the transit system

The San Francisco Municipal Transportation Agency said late Monday that no data had been accessed from its servers in a ransomware attack on the Muni transit system and the agency has never considered paying the ransom asked by the attacker.

The statement by the SFMTA follows reports that the alleged attacker has threatened to dump 30GB of data stolen from the agency, if the ransom of the equivalent of about $73,000 in bitcoin was not paid.

“The SFMTA network was not breached from the outside, nor did hackers gain entry through our firewalls,” the agency’s spokeswoman Kristen Holland wrote in a blog post. She did not mention how the ransomware had got to the SFMTA systems, though there is the possibility that it may have been activated through a link in an email or a web link by an unsuspecting insider.

The malware had been used to encrypt some systems, mainly affecting some 900 office computers, as well as access to various systems, Holland added.

The attack on the transit system last week served to highlight the risk to critical, public infrastructure from cyberattacks, leading some people to voice concern about the safety of the operations of the transit system.

The post tries to address such concerns by stating that Muni operations and safety were not affected and customer payment systems were not hacked.  The payroll system was in operation but access to it was temporarily affected, according to the SFMTA post.

The transit system was hit by ransomware since Friday, reportedly leading to the message “You Hacked, ALL Data Encrypted” being displayed on the computer screens at stations.

SFMTA in coordination with partner Cubic Transportation Systems decided to turn off ticket machines and faregates in the Muni Metro subway stations from Friday to Sunday morning only as a precaution. In the event, passengers benefited from a free ride during those days.

The agency has approached the Department of Homeland Security for help to identify and contain the virus, and is working closely with DHS and the FBI on the attack.

“The SFMTA has never considered paying the ransom,” to the attacker, according to the post. The agency’s information technology team is restoring the systems, with all computers expected to be functional in the next day or two. Most affected computers are already back in operation, SFMTA said.

The ransomware is believed to be a variant of HDDCryptor, which uses commercial tools to encrypt hard drives and network shares, and was identified in September by Trend Micro as a threat both to consumers and enterprises as it not only "targets resources in network shares such as drives, folders, files, printers, and serial ports via Server Message Block (SMB), but also locks the drive."


Follow Us

Join the newsletter!

Error: Please check your email address.

Featured

Slideshows

Channel celebrates as HP marks 50 years in NZ

Channel celebrates as HP marks 50 years in NZ

HP marked 50 years in New Zealand at an event in the vendor's Auckland's headquarters last night, with a host of key channel figures coming along to celebrate. Photos by HP.

Channel celebrates as HP marks 50 years in NZ
EDGE 2017 - Icebreaker Sessions round 2

EDGE 2017 - Icebreaker Sessions round 2

EDGE guests experience the value of networking at the second round of Icebreaker sessions.. Photos by Maria Stefina

EDGE 2017 - Icebreaker Sessions round 2
EDGE 2017 Dinner Under the Stars

EDGE 2017 Dinner Under the Stars

EDGE's Day 2 keynote and breakout sessions were followed by the Dinner Under the Stars. Over 300 people were present to enjoy a seafood feast and lots of excitement at Hamilton Island's Bougainvillea Marquee. Photos by Maria Stefina.

EDGE 2017 Dinner Under the Stars
Show Comments