San Francisco’s Municipal Transportation Agency — also known as MUNI — was hacked Friday, forcing the shutdown of several light-rail ticketing machines. The hackers reportedly left behind a message on computer screens at MUNI stations, reading: “You Hacked, ALL Data Encrypted. Contact For Key(firstname.lastname@example.org)ID:681 .”
The trains, however, were not affected.
“There’s no impact to the transit service, but we have opened the fare gates as a precaution to minimize customer impact,” MUNI spokesman Paul Rose told CBS. “Because this is an ongoing investigation it would not be appropriate to provide additional details at this point.”
According to the BBC, the unidentified hackers demanded 100 bitcoins ($73,000) in ransom, indicating that it was a ransomware attack, which typically involves covertly installing a malware on a computer system. Similar attacks have, in recent years, targeted several hospitals across the country.
“I was like, is this part of Black Friday deal, or something?” an unnamed passenger told CBS, referring to the fact that many ticketing machines had a handwritten note reading “free entry” taped over them.
Although the ticketing machines were back up by Sunday afternoon — as confirmed by MUNI in a reply to a tweet — it is not yet clear if the hack has been contained.
“I think it is terrifying,” another passenger who chose to remain anonymous, told CBS. “I think if they can start doing this you know here, we’re not safe anywhere.”
In a recent survey of over 500 IT companies in four countries, including the U.S., 40 percent of businesses surveyed acknowledged having been attacked by ransomware. In the U.S., the most recent incident took place in February, when the Hollywood Presbyterian Medical Center was forced to pay $17,000 in ransom to hackers who seized control of the hospital’s computer systems.
In a statement released earlier this year, FBI’s cybercrime division warned against victims paying ransom to hackers to retrieve their data, arguing that doing so “not only emboldens current cyber criminals to target more organisations, it also offers an incentive for other criminals to get involved in this type of illegal activity.”
FBI Cyber Division Assistant Director James Trainor said at the time: “Paying a ransom doesn’t guarantee an organisation that it will get its data back — we’ve seen cases where organisations never got a decryption key after having paid the ransom.”