Ransomware rides the rails of San Francisco

Back to Blog

Ransomware rides the rails of San Francisco

What happens when your area transit system gets infected with ransomware? A whole lot of lost money. Over 2,000 systems at MUNI in San Francisco, CA were compromised with a variant of the HDDCryptor ransomware. The systems infected were admin desktops, network servers, SQL databases, payroll systems, and station kiosks. The malware infected Windows-domain joined systems all throughout MUNI’s network causing the agency to offer free rides on Friday night and into Saturday.

High cost of ransomware recovery

It’s not currently known if MUNI can simply restore from backups to avoid paying the cyber criminals a staggering 100 bitcoins – which converted to United States Dollars, based on the current exchange rate, comes to around $73k. Having proper, secured, and tested backups are the biggest way to avoid having to pay ransoms like this. Our customers are always advised to take advantage of our backup solutions. Not only do they protect a business in the event of fire, flood, or other natural disaster, in the event of ransomware, it’s easy to get data customer back with minimal loss.

In addition to all of the agency’s data being encrypted, they might have some larger problems: the group behind the attack claims that they have extracted about 30 GB of internal documents, databases, and employee files and have threatened to release the information if they do not get paid.

The attackers have not heard anything from the agency.

“Our software [is] working completely automatically and we don’t [launch] targeted attacks … SFMTA’s network was very open and 2,000 server/PCs [were] infected by software,” said the attackers in an email. “So we are waiting for contact [from] any responsible person in SFMTA but I think they don’t want a deal. So we close this email [account] tomorrow.”

Share this post

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Back to Blog