Ransomware attack makes SF Transit passengers travel free

SF Muni Subway passengers were allowed to travel free on Friday last week due to a ransomware attack on the transit system's servers, workstations, and ticket machines. It is estimated that more than 2,000 systems at San Francisco's public transit agency were digitally locked by cyber criminals, who demanded 100 bitcoins to unlock them.

As the ticket machines were not in a position to issue tickets, SF Muni Transit officials decided to allow passengers to travel free on Saturday and on Sunday.

As per the details available to our sources, HDDCryptor malware hit 2,112 computers at the San Francisco Municipal Transportation Agency. The infected systems include CAD workstations, email and print servers, employee laptops, payroll systems, SQL databases, lost and found property terminals, and admin PCs.

Cyber crooks introduced the malware worm into the network, and it somehow reached the organization's domain controller and compromised the entire network within no time.

It is estimated that more than 8,500 PCs and Macs are on the agency’s network and more than half of those have been attacked.

As the database was crippled within no time, the officials at SF Muni were left with only one option: to stop the ticketing system and allow people to travel for free on the railway network.

The hackers left a message on the main servers saying that the systems and network had been hacked and all the data was encrypted. They displayed a bitcoin address and asked the officials to send 100 BTC to unlock the network.

Due to the holiday season, SF rail system authorities were forced to allow people to travel free, for two main reasons.

First, the rush could not be contained and controlled; second, all technical staff were on leave.

For this reason, the officials chose to ignore the warning of cyber criminals and asked the passengers to travel ticket free.

The ransomware propagators said that they will wait until Monday evening for the SF Muni Rail transport officials to react. If not, they warned that the entire database will be locked forever.

In the meantime, SF officials have launched an investigation on Sunday evening and said that they will provide additional details to the media on this issue by late Monday.

Naveen Goud
Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security
