Hackers Are Holding San Francisco’s Light-Rail System for Ransom
San Francisco Municipal Railway riders got an unexpected surprise this weekend after the system’s computerized fare systems were apparently hacked. According to the San Francisco Examiner, the MUNI system had been attacked on Friday afternoon.
MUNI riders were greeted with printed "Out of Service" and "Metro Free" signs on ticket machines on late on Friday and Saturday. MUNI first became aware of the intrusion on Friday, according to the Examiner.
Computer screens at MUNI stations displayed a message: "You Hacked, ALL Data Encrypted. Contact For Key(firstname.lastname@example.org)ID:681 ,Enter." MUNI Spokesman Paul Rose spoke to the Examiner and noted that his agency was "working to resolve the situation," but refused to provide additional details.
Reached by email, the hacker confirmed he was seeking a deal with MUNI to undo the damage:
we don't attention to interview and propagate news ! our software working completely automatically and we don't have targeted attack to anywhere ! SFMTA network was Very Open and 2000 Server/PC infected by software ! so we are waiting for contact any responsible person in SFMTA but i think they don't want deal ! so we close this email tomorrow!
In September, Morphus Labs linked a hacker by the same name to a ransomware strain called Mamba, which employs tactics similar to those demonstrated against MUNI.
This isn’t the first California organization to face such an issue: earlier this year, Hollywood Presbyterian Medical Center discovered that its files were being held for a $3.6 million ransom. Ransomware attacks typically occur when a malicious file is downloaded onto a computer and executed. Once a victim pays the demanded ransom, the files will be decrypted.
Representatives of MUNI did not immediately responded to a request for comment. We’ll update this post if we hear more.