Nothing is immune to being hacked when hackers are motivated.
Hackers proved this on Friday, when more than 2,000 computer systems at San Francisco's public transit agency were apparently hacked.
San Francisco's Municipal Transportation Agency, also known as MUNI, offered free rides on Nov 26th after MUNI station payment systems and schedule monitors got hacked by ransomware and station screens across the city started displaying a message that reads:
"You Hacked, ALL Data Encrypted. Contact For Key(cryptom27@yandex.com)ID:681 ,Enter."
According to the San Francisco Examiner, MUNI confirmed a ransomware attack against the station fare systems, which caused them to shut down ticket kiosks and make rides free this weekend.
As you can see, the above message delivered by the malware is followed by an email address and ID number, which can then be used to arrange ransom payments.
MUNI spokesman Paul Rose said his agency was investigating the matter and "working to resolve the situation," but did not provide details as to how MUNI got hacked.
"We are currently working to resolve the situation," said Rose. "There is an ongoing investigation, and it wouldn't be appropriate to provide additional details."
Pay $73,000 to Free Systems from Ransomware
Trains themselves were not affected by the malware attack, and the MUNI claimed that the payments were resumed on the morning of Nov 27th. The MUNI looks after trains, trams and buses around the city, including San Francisco's iconic cable cars.
It is still not clear exactly who was responsible for the attack (besides a pseudonym "Andy Saolis"), but according to local media reports, the agency's computers were being held by ransomware until the MUNI paid the equivalent of more than $73,000 in Bitcoin.
Andy Saolis is a pseudonym commonly used in HDDCryptor ransom attacks, which use commercial tools to encrypt hard drives and network shares on Windows machines using randomly generated keys and then overwrite the hard disks' MBRs to prevent systems from booting up properly.
The target machine is typically infected by accidentally opening a malicious executable in an email or download, and then the malware spreads out across the network.
The email address, cryptom27@yandex.com, used by the anonymous criminal points the city to a Russian email address to arrange payment and has been linked to other cyber attacks as well.
The Hacker Linked to a Previous Ransomware Strain
When reached at the provided email, the hacker provided a statement in broken English, which read:
"We don't attention to interview and propagate news! Our software working completely automatically and we don't have targeted attack to anywhere! SFMTA network was Very Open and 2000 Server/PC infected by software! So we are waiting for contact any responsible person in SFMTA but I think they don't want deal ! so we close this email tomorrow!"
The same email address, cryptom27@yandex.com, was linked to a ransomware strain called Mamba in September. The ransomware employs tactics similar to those demonstrated against the MUNI systems.
The hacker provided Hoodline a list of systems the hacker claimed to have infected in Muni's network, which came out to be 2,112 of the total 8,656 computer networks. The hacker also said that the MUNI had "one more day" to make a deal.
Not much about the hack is known; the extent of the hack and the hacker's identity remain a mystery for now, but the incident once again reminds us how vulnerable our critical infrastructure remains.