As consumers were busy with the Thanksgiving and Black Friday weekend, cyber criminals used the opportunity to attack San Francisco's transit system. They even demanded a $73k ransom in exchange of the key to unlock the affected Muni computer systems. What's even worse, they threatened to leak confidential information if the management would not pay. None of these worked out as the Muni Metro Stations are now back to normal.
According to SF Gate, the official chose to "shut down the system's ticket machines and opened the fare gates" instead of paying the ransom. This allowed people to ride the light-rail for free from Friday night to Saturday. They also contacted the Department of Homeland Security, as well as their own technology division.
MTA's spokesman Paul Rose said that giving in to the criminals' demand "was never an option". Eventually, they were able to make most of the system working again. Rose explained that the ransomware was not as bad as the cyber criminals made it seem. In fact, he said that the "attack did not penetrate" their firewalls. The worst that happened was preventing the Muni employees from logging on some of their computers, and sending and receiving emails.
The Register previously reported that there were 2,122 computers affected by the HDDCryptor malware. This is what the cyber criminals claimed in an email correspondence seen by El Reg. Once these were infected, they reboot and a message will be displayed that said "You Hacked, ALL Data Encrypted, Contact For Key ([email protected]) ID:601." The hackers are demanding for 100 bitcoins that amount to $73,000. Furthermore, they claimed that they are in possession of internal documents, databases and employee files. These would be leaked if the ransom was not paid.
Rose revealed that the said information threatened to be released was actually never compromised. He added that the criminals barely had control over the trains, fare gates and ticket machines. It turned out that they made the right decision by listening to the advice they got from federal officials. The network was also restored with the help of their backup system.
Ransomware attack has been a staple for cyber criminals. It was previously reported that security firm Check Point discovered that a malware program is exploiting social media platforms like Facebook. Though the tech giant said in a statement that it is caused by bad Chrome extensions. An infected image file will automatically download itself to the computer. Users will unknowingly open the file that will then result to the ransomware Locky being installed to the device. Such cyber-crime is being used to demand money from innocent people in exchange for the key to decrypt the affected files.