In yet another ransomware attack happened last month, San Francisco’s Municipal Transport Agency (SMTA) is expecting to have suffered a $50,000 loss.
SMTA, also known as ‘Muni’ was hacked on November 25 resulting in customers being able to travel for free on the city’s light-rail system. The cyber extortionists hacked into the transit system’s computers and denied access to its ticket machines, e-mail and personnel systems. Hackers succeeded in encrypting over 2000 computers and demanded 100 bitcoin (£56,000; €66,000).
Muni operates city trains, trams and buses which usually bring in around $120,000 in fares on a weekend day. That figure includes fares paid on all the three public transport systems both inside and outside the stations.
Though Muni did not pay the ransom and saved $73,000 but the attack did cost half a million dollar, said the officials on December 02. The officials had shut down the ticket machines in the Muni Metro system’s subway stations and threw open the fare gates as soon as they learned about the hack. The actions were taken to stop the spread of the cyber attack , in case the hacker was still inside the network and to ensure that passengers’ financial information couldn’t be accessed.
The rides remained free on November 26 which meant a hefty hit to Muni profits. Fare gates and ticket machines were back in service by the morning of November 27.
The attackers used a variant of the HDDCryptor malware resulting in every computer displaying a black screen with a ransom note. The ransomware attack was triggered when an employee clicked on an email attachment, pop-up or link following which around 900 office computers were taken out of action with the following message clearly visible on some:
“You Hacked, ALL Data Encrypted. Contact For Key(cryptom27@yandex.com)ID:681.”
City officials have confirmed a full investigation is now underway.
Though no report of train stopping or passenger safety came to light, but if Muni does not upgrade its systems the next attack can harm the passengers as well.