Menu
San Francisco Muni says server data not accessed in ransomware hit

San Francisco Muni says server data not accessed in ransomware hit

The alleged ransomware attacker has reportedly threatened to release data stolen from the transit system

The San Francisco Municipal Transportation Agency said late Monday that no data had been accessed from its servers in a ransomware attack on the Muni transit system and the agency has never considered paying the ransom asked by the attacker.

The statement by the SFMTA follows reports that the alleged attacker has threatened to dump 30GB of data stolen from the agency, if the ransom of the equivalent of about $73,000 in bitcoin was not paid.

“The SFMTA network was not breached from the outside, nor did hackers gain entry through our firewalls,” the agency’s spokeswoman Kristen Holland wrote in a blog post. She did not mention how the ransomware had got to the SFMTA systems, though there is the possibility that it may have been activated through a link in an email or a web link by an unsuspecting insider.

The malware had been used to encrypt some systems, mainly affecting some 900 office computers, as well as access to various systems, Holland added.

The attack on the transit system last week served to highlight the risk to critical, public infrastructure from cyberattacks, leading some people to voice concern about the safety of the operations of the transit system.

The post tries to address such concerns by stating that Muni operations and safety were not affected and customer payment systems were not hacked.  The payroll system was in operation but access to it was temporarily affected, according to the SFMTA post.

The transit system was hit by ransomware since Friday, reportedly leading to the message “You Hacked, ALL Data Encrypted” being displayed on the computer screens at stations.

SFMTA in coordination with partner Cubic Transportation Systems decided to turn off ticket machines and faregates in the Muni Metro subway stations from Friday to Sunday morning only as a precaution. In the event, passengers benefited from a free ride during those days.

The agency has approached the Department of Homeland Security for help to identify and contain the virus, and is working closely with DHS and the FBI on the attack.

“The SFMTA has never considered paying the ransom,” to the attacker, according to the post. The agency’s information technology team is restoring the systems, with all computers expected to be functional in the next day or two. Most affected computers are already back in operation, SFMTA said.

The ransomware is believed to be a variant of HDDCryptor, which uses commercial tools to encrypt hard drives and network shares, and was identified in September by Trend Micro as a threat both to consumers and enterprises as it not only "targets resources in network shares such as drives, folders, files, printers, and serial ports via Server Message Block (SMB), but also locks the drive."


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Featured

Slideshows

Meet the Reseller News 30 Under 30 Tech Awards 2020 winners

Meet the Reseller News 30 Under 30 Tech Awards 2020 winners

This year’s Reseller News 30 Under 30 Tech Awards were held as an integral part of the first entirely virtual Emerging Leaders​ forum, an annual event dedicated to identifying, educating and showcasing the New Zealand technology market’s rising stars. The 30 Under 30 Tech Awards 2020 recognised the outstanding achievements and business excellence of 30 talented individuals​, across both young leaders and those just starting out. In this slideshow, Reseller News honours this year's winners and captures their thoughts about how their ideas of leadership have changed over time.​

Meet the Reseller News 30 Under 30 Tech Awards 2020 winners
Reseller News Exchange Auckland: Beyond the myths — how partners can master cloud security

Reseller News Exchange Auckland: Beyond the myths — how partners can master cloud security

This exclusive Reseller News Exchange event in Auckland explored the challenges facing the partner community on the cloud security frontier, as well as market trends, customer priorities and how the channel can capitalise on the opportunities available. In association with Arrow, Bitdefender, Exclusive Networks, Fortinet and Palo Alto Networks. Photos by Gino Demeer.

Reseller News Exchange Auckland: Beyond the myths — how partners can master cloud security
Reseller News welcomes industry figures at 2020 Hall of Fame lunch

Reseller News welcomes industry figures at 2020 Hall of Fame lunch

Reseller News welcomed 2019 inductees - Leanne Buer, Ross Jenkins and Terry Dunn - to the fourth running of the Reseller News Hall of Fame lunch, held at the French Cafe in Auckland. The inductees discussed the changing face of the IT channel ecosystem in New Zealand and what it means to be a Reseller News Hall of Fame inductee. Photos by Gino Demeer.

Reseller News welcomes industry figures at 2020 Hall of Fame lunch
Show Comments