On Friday 25th, a report emerged that the San Francisco Municipal Railway (MUNI) couldn’t operate because its fare system, which is entirely computerized, had been hit by a cyber attack.
The attack occurred in the afternoon, after which MUNI’s ticket machines displayed the signs “Out of Service” and “Metro Free.”
Meanwhile, the computer screens installed at MUNI stations showed this message:
“You Hacked, ALL Data Encrypted. Contact For Key (firstname.lastname@example.org)ID:681 ,Enter.”
These signs remained on display until Saturday. Obviously, it became a serious nuisance for MUNI riders.
The department got a hint of the attack on the same day.
According to a spokesman from MUNI, Paul Rose, the agency was aware of the attack and was “working to resolve the situation.” However, when asked for further details, Rose declined to comment.
When the hacker was contacted via the email address posted on the computer screens, it became apparent that he wanted to strike a deal with the Railway to resolve the issue and return the key.
“We don’t intend to interview and propagate news! our software working completely automatically and we don’t have targeted attack to anywhere! SFMTA network was Very Open and 2000 Server/PC infected by software! so we are waiting for contact any responsible person in SFMTA but I think they don’t want a deal ! so we close this email tomorrow!”
According to The Register, the attacker demanded 100 bitcoins (USD 73,000) to unlock those 2,000+ hacked transit system computers.
This is the same hacker who was identified by Morphus Labs in September this year. In that incident, the hacker was blamed for distributing Mamba, a dangerous ransomware strain that not only locks up victims’ files but also encrypts their hard drives.
At the time of publishing this article, the status of the compromised fare system was unknown. If you are based in San Francisco, kindly share its status with us.