Ransomware Took San Francisco’s Public Transit for a Ride

The San Francisco Municipal Transportation Agency was taken for a ride of its own when hackers used ransomware to shut down its ticketing systems and demand payment.

The agency—usually known as Muni—found that around 2,000 of its servers and computers, including many ticket machines, were locked by ransomware over the Thanksgiving weekend. According to the Verge, machines displayed a message that read: "You Hacked, ALL Data Encrypted. Contact For Key(cryptom27@yandex.com)ID:681, Enter.”

Ticket machines were labeled “out of order” over the weekend, and people traveled on the agency’s light rail network for free. A Muni spokesperson told the San Francisco Chronicle that the hack had “no impact to transit service, to our security systems or to our customers’ private information.”

But the incident is still a sign that important city infrastructure is wide open to digital attack.

According the the BBC, the hackers demanded 100 bitcoins—currently around $70,000—for the decryption key. It’s not clear whether or not the transport agency has paid up, though a Bitcoin locker that the Register claims was set up to receive the ransom is empty at this writing.

Ransomware is a simple form of malware: it infects a computer, uses strong encryption to lock down files, and then provides the user with a ransom note demanding money in exchange for a key to unlock the data. It’s lucrative, and it has become more pervasive in recent years. According to Symantec, millions of ransomware attacks are now attempted every day.

Regular users may see their computers infected by rogue websites, images, or videos. It’s not currently clear how the Muni system became infected, and its staff has not released any details, citing an ongoing investigation into the attack.

There have been other notable ransomware attacks in the past, the most worrying of which was a spate of incidents that affected hospitals. In those cases, medical records were rendered inaccessible. One hospital, Hollywood Presbyterian Hospital in Los Angeles, ultimately paid hackers $17,000 to recover its data.

Techniques are available that allow researchers to detect ransomware attacks before it’s too late. But antivirus companies have so far struggled to turn them into tools that work in the real world.

For now, then, individuals and organizations alike must simply follow best security practices to avoid infection and ensure that data is backed up. That way, it doesn’t matter too much if a hacker takes you for a ride.

(Read more: Verge, BBC, The San Francisco Chronicle, “Two Ways to Stop Ransomware in Its Tracks,” “With Hospital Ransomware Infections, the Patients Are at Risk,” “Holding Data Hostage: The Perfect Internet Crime?”