SF Muni the Victim of Ransomware

The San Francisco Municipal Transportation Agency (Muni) received a Thanksgiving surprise – a ransomware cyberattack. Ransomware is a type of malicious software designed to block access to a computer system until a demand is met or a sum of money is paid.

According to reports, perpetrators launched a random attack that was able to find a vulnerability in the Muni system. They used a sophisticated malware, known as an HDDCryptor, which affected ticket kiosks, email, and payroll systems.

The ransomware was most likely activated by a Muni employee who opened a corrupted email attachment or web link. More than 2,000 Muni computers then displayed the message: “You Hacked, ALL Data Encrypted” and ticket kiosks read “OUT OF SERVICE.” As a result, Muni offered free light-rail rides over the holiday weekend.

The attackers demanded a ransom to be paid in Bitcoin valued at more than $70,000.  If not, they claimed they would release data regarding Muni contracts, as well as customer and employee information.

By Monday, the systems were back online. Muni, the 7th largest transit system in the U.S., indicated that no payment was made and there was no impact on service or never any danger to consumer safety or information.

However, the incident does spotlight concerns over infrastructure and transportation system vulnerabilities that could cause much worse damage and risk to personal safety, particularly with the increasing use of smart infrastructure, such as self-driving vehicles and automated signals. Muni is working with the FBI and Homeland Security on this incident.

Tips to Combat Ransomware

1. Train employees to not open suspicious attachments.
2. Back-up files regularly.
3. Keep antivirus software and firewalls current.
4. Use strong passwords.
5. Test for system vulnerabilities.
6. Don't place all data on one file available to everyone in the company.
7. Show hidden file extensions.
8. Don’t give in to ransomware demands.