The San Francisco Municipal Railway (MUNI) was hacked on Friday afternoon to provide free rides to all passengers. The station payment systems and schedule monitors got hacked by ransomware and station screens across the city started displaying a message that reads:
“You Hacked, ALL Data Encrypted. Contact For Key([email protected])ID:681 ,Enter.”
Although the hacker who managed to compromise the system hasn’t disclosed his name but did leave a message to ask for a ransom to the San Francisco authorities if they want the service to be restored. MUNI Spokesman Paul Rose said his agency was investigating the matter and “working to resolve the situation,” but did not provide details as of how it got hacked. Trains themselves were not affected by the malware attack, and the MUNI claimed that the payments were resumed on the morning of November 27th.
It is yet not clear exactly who was responsible for the attack (besides a pseudonym “Andy Saolis“). However the agency’s computers were being held by ransomware until the MUNI paid the equivalent of more than $73,000 in Bitcoin, according to a report.
Andy Saolis is a pseudonym commonly used in HDDCryptor ransom attacks, which uses commercial tools to encrypt hard drives and network shares on Windows machines using randomly generated keys and then overwrite the hard disks’ MBRs to prevent systems from booting up properly.
Hacker claimed to have infected in Muni’s network, which came out to be 2,112 of the total 8,656 computer networks. The hacker also said that the MUNI had “one more day” to make a deal.
