![A Look at 30 Key Cyber Crime Statistics [2023 Data Update]](https://www.thesslstore.com/blog/wp-content/uploads/2022/02/cyber-crime-statistics-feature2-75x94.jpg)
(No Ratings Yet)
Loading...Ransomware Hits San Francisco’s Public Transportation
A quarter of the SFMTA’s network was infected over the holiday weekend.
Riders of San Francisco’s metro system (SFMTA) were treated to free rides this weekend. But what appeared to be a pleasant holiday surprise, was actually the result of a nasty ransomware infection affecting the train’s ticketing computers, which left no option but to allow free rides while the computer systems were down.
Ransomware has been making headlines for the last few years. It is a type of malware that encrypts files on the infected computer, blocking access to them unless the user pays a ransom in bitcoin (or other untraceable methods). Ransomware has been so effective because it employs social engineering – the term given to attacks which rely on manipulating people – often spreading through phishing emails and documents claiming to be official invoices or bills.
The full extent of the damage to the SFMTA is unclear, but reporting from SF Examiner indicates that the ransomware is throughout its systems. Photographs of station agent computers show they were infected, and on Sunday, drivers were being assigned routes “via handwritten notes posted to bulletin boards, as opposed to the usual computer printouts.” Sources told KPIX 5 that computers handling payroll may also be affected, which could delay employees’ paychecks.
Affected computers displayed the message:
“You Hacked, ALL Data Encrypted. Contact For Key(cryptom27@yandex.com)ID:681 , Enter Key: Missing operating system.”
The San Francisco ransomware, believed to be a strain of HDDCryptor, encrypts the MBR (Master Boot Record) of the computer, a system-critical function, without which, a computer is unable to start properly.
Hoodline.com and The Verge contacted the email address listed in the message. The attacker, going by the name ‘Andy Saolis,’ said:
“We do this for money, nothing else ! i hope it’s help [sic] to company to make secure IT before we coming !”
The exact method of infection is not known, but it looks like it was one of the usual vectors of ransomware, which is usually delivered via phishing sites or emails. A list of infected computers obtained by CSO Online suggests that a staff member’s computer may have been the original entry point.
We do know that the SFMTA was not specifically targeted. Saolis wrote:
“Our software working completely automatically and we don’t have targeted attack to anywhere! SFMTA network was Very Open and 2000 Server/PC infected by software!”
To remove the ransomware and restore functionality, Saolis is demanding a ransom of 100 bitcoin, which is currently worth approximately $73,000 USD. In exchange for that ransom, decryption keys are provided that can automatically un-encrypt the computers and return them back to normal.
According to Saolis, 2,112 of the 8,656 computers in the Municipal Transportation Agencies’ network are infected. Though as of Sunday night, the ticketing machines were functioning again, which suggests that SFMTA may be solving the problem on its own.
If an organization has proper measures in place (most importantly, backups), it can avoid paying the ransom and restore the computers on their own with little to no data loss. Ransomware distributors often impose a deadline to force victims into action.
If SFMTA is going to pay the ransom, which security companies discourage, it may not have much time left. Saolis wrote: “we are waiting one more day for “we are waiting one more day for deal and after it this email closing for security reason!” (which would be Monday). In another email, Saolis wrote “many ppl and news agency send email and question, it’s boring, i want to close this email!”
Apparently, he is not appreciating the coverage.
SFMTA is a government agency, which raises questions about whether it could even use funds to pay the ransom if it wanted to. According to SFMTA’s budget, it brings in an average of $559,000 per day in ticket fares, so whatever it does, it will want to get this sorted out quickly.
5 Ways to Determine if a Website is Fake, Fraudulent, or a Scam – 2018
in Hashing Out Cyber SecurityHow to Fix ‘ERR_SSL_PROTOCOL_ERROR’ on Google Chrome
in Everything EncryptionRe-Hashed: How to Fix SSL Connection Errors on Android Phones
in Everything EncryptionCloud Security: 5 Serious Emerging Cloud Computing Threats to Avoid
in ssl certificatesThis is what happens when your SSL certificate expires
in Everything EncryptionRe-Hashed: Troubleshoot Firefox’s “Performing TLS Handshake” Message
in Hashing Out Cyber SecurityReport it Right: AMCA got hacked – Not Quest and LabCorp
in Hashing Out Cyber SecurityRe-Hashed: How to clear HSTS settings in Chrome and Firefox
in Everything EncryptionRe-Hashed: The Difference Between SHA-1, SHA-2 and SHA-256 Hash Algorithms
in Everything EncryptionThe Difference Between Root Certificates and Intermediate Certificates
in Everything EncryptionThe difference between Encryption, Hashing and Salting
in Everything EncryptionRe-Hashed: How To Disable Firefox Insecure Password Warnings
in Hashing Out Cyber SecurityCipher Suites: Ciphers, Algorithms and Negotiating Security Settings
in Everything EncryptionThe Ultimate Hacker Movies List for December 2020
in Hashing Out Cyber Security Monthly DigestAnatomy of a Scam: Work from home for Amazon
in Hashing Out Cyber SecurityThe Top 9 Cyber Security Threats That Will Ruin Your Day
in Hashing Out Cyber SecurityHow strong is 256-bit Encryption?
in Everything EncryptionRe-Hashed: How to Trust Manually Installed Root Certificates in iOS 10.3
in Everything EncryptionHow to View SSL Certificate Details in Chrome 56
in Industry LowdownPayPal Phishing Certificates Far More Prevalent Than Previously Thought
in Industry Lowdown