San Francisco Railway’s Fare System Hacked for 100 Bitcoin Ransom

On Friday 25th, a report emerged that the San Francisco Municipal Railway (MUNI) couldn’t operate because its fare system, which is entirely computerized, had been targeted in a cyber attack.

The attack occurred in the afternoon, after which the ticket machines at the Railways showed these signs: “Out of Service” and “Metro Free.”

Out of service sign on one of the MUNI machines.

Meanwhile, the computer screens installed at MUNI stations showed this message:

“You Hacked, ALL Data Encrypted. Contact For Key (cryptom27@yandex.com)ID:681 ,Enter.”

Ransom note left by the attacker.

These signs stayed on display until Saturday. Obviously, it became a serious nuisance for riders of MUNI.

The department got a hint of the attack on the same day.

According to a spokesman from MUNI, Paul Rose, the agency was aware of the attack and was “working to resolve the situation.” However, when asked for further details, Rose declined to comment.

When the hacker was contacted via an email address he posted on the computer screens, it became apparent that he wanted to strike a deal with the Railways to resolve the issue and return the key.

“We don’t attention to interview and propagate news ! our software working completely automatically and we don’t have targeted attack to anywhere ! SFMTA network was Very Open and 2000 Server/PC infected by software ! so we are waiting for contact any responsible person in SFMTA but I think they don’t want a deal ! so we close this email tomorrow!”

According to The Register, the attacker demanded 100 bitcoins (USD 73,000) to unlock those 2,000+ hacked transit system computers.


This is the same hacker who was identified by Morphus Labs in September this year. In that particular incident, the hacker was blamed for distributing Mamba, a dangerous ransomware strain that not only locks up victims’ files but also encrypts their hard drives.

At the time of publishing this article, the status of the compromised fare system was unknown. If you are based in San Francisco, kindly share its status with us.

Source: SFGate

Waqas

Waqas Amir is a Milan-based cybersecurity journalist with a passion for covering the latest happenings in the cyber security and tech world. In addition to being the founder of this website, Waqas is also into gaming, reading and investigative journalism.