‘You Hacked’: Muni Fare Machines Back to Normal

“Indeed, recent Thales e-Security research found only 16 per cent of consumers would continue to use a company’s products or services as usual following a breach – highlighting the profound consequences a cyber-breach can have on a company’s trust”. According to the BBC, the computers listed in the hack included employee terminals as well as machines that may be used to look after payroll and employees’ personal information. A ransomware can lock the target’s computer system and blocks access to the files and also the capabilities that the system maintains.

Instead of providing free software, the ransomware-tainted keycode generator will infect any computer which downloads and attempts to run it. Saolis told the Examiner, “Maybe they need learning something in hard-way!” For example, if you’re visiting a website, you may see a message like, “Your computer has been infected with a virus”. More than 700,000 people ride Muni every day, according to SFMTA numbers, but it’s not clear how much revenue was lost because of this attack. According to reports, it appears that the ransom was not paid. Steve Ragan, who also exchanged emails with the attacker, said 2,112 systems were infected.

In a statement released on Sunday, the San Francisco Municipal Transportation Agency said the ransomware “disrupted some of our internal computer systems including e-mail”. It is unclear what information may have been compromised or lost due to the attack.

Meanwhile, on Friday and Saturday, riders on Muni – San Francisco’s light rail system – were met with signs on ticketing machines saying the trips were free.

The San Francisco Examiner said it was able to contact the alleged hacker.

“You Hacked, ALL Data Encrypted”, the message read. “Contact For Key (cryptom27@yandex.com) ID:681, Enter”. Victims are presented with an email address, contacting that address leads to a response. The scammers demanded 100 Bitcoin, which is a little over $73,000 for payment. The deadline to pay was on Monday, but has now been extended to Friday. “We’re doing a full investigation to find out exactly what we are dealing with”.

The agency has approached the Department of Homeland Security for help to identify and contain the virus, and is working closely with DHS and the Federal Bureau of Investigation on the attack.