Ransomware Took San Francisco’s Public Transit for a Ride

The San Francisco Municipal Transportation Agency was taken for a ride of its own when hackers used ransomware to shut down its ticketing systems and demand payment.
The agency—usually known as Muni—found that around 2,000 of its servers and computers, including many ticket machines, were locked by ransomware over the Thanksgiving weekend. According to the Verge, machines displayed a message that read: “You Hacked, ALL Data Encrypted. Contact For Key(cryptom27@yandex.com)ID:681, Enter.”
Ticket machines were labeled “out of order” over the weekend, and people traveled on the agency’s light rail network for free. A Muni spokesperson told the San Francisco Chronicle that the hack had “no impact to transit service, to our security systems or to our customers’ private information.”
But the incident is still a sign that important city infrastructure is wide open to digital attack.
According to the BBC, the hackers demanded 100 bitcoins—currently around $70,000—for the decryption key. It’s not clear whether or not the transport agency has paid up, though a Bitcoin locker that the Register claims was set up to receive the ransom is empty at this writing.
Ransomware is a simple form of malware: it infects a computer, uses strong encryption to lock down files, and then provides the user with a ransom note demanding money in exchange for a key to unlock the data. It’s lucrative, and it has become more pervasive in recent years. According to Symantec, millions of ransomware attacks are now attempted every day.
Regular users may see their computers infected by rogue websites, images, or videos. It’s not currently clear how the Muni system became infected, and its staff has not released any details, citing an ongoing investigation into the attack.
There have been other notable ransomware attacks in the past, the most worrying of which was a spate of incidents that affected hospitals. In those cases, medical records were rendered inaccessible. One hospital, Hollywood Presbyterian Hospital in Los Angeles, ultimately paid hackers $17,000 to recover its data.
Techniques are available that allow researchers to detect ransomware attacks before it’s too late. But antivirus companies have so far struggled to turn them into tools that work in the real world.
For now, then, individuals and organizations alike must simply follow best security practices to avoid infection and ensure that data is backed up. That way, it doesn’t matter too much if a hacker takes you for a ride.
(Read more: Verge, BBC, The San Francisco Chronicle, “Two Ways to Stop Ransomware in Its Tracks,” “With Hospital Ransomware Infections, the Patients Are at Risk,” “Holding Data Hostage: The Perfect Internet Crime?”)