Ransomware Took San Francisco’s Public Transit for a Ride

But the incident is still a sign that important city infrastructure is wide open to digital attack.

According the the BBC, the hackers demanded 100 bitcoins—currently around $70,000—for the decryption key. It’s not clear whether or not the transport agency has paid up, though a Bitcoin locker that the Register claims was set up to receive the ransom is empty at this writing.

Ransomware is a simple form of malware: it infects a computer, uses strong encryption to lock down files, and then provides the user with a ransom note demanding money in exchange for a key to unlock the data. It’s lucrative, and it has become more pervasive in recent years. According to Symantec, millions of ransomware attacks are now attempted every day.

Regular users may see their computers infected by rogue websites, images, or videos. It’s not currently clear how the Muni system became infected, and its staff has not released any details, citing an ongoing investigation into the attack.

There have been other notable ransomware attacks in the past, the most worrying of which was a spate of incidents that affected hospitals. In those cases, medical records were rendered inaccessible. One hospital, Hollywood Presbyterian Hospital in Los Angeles, ultimately paid hackers $17,000 to recover its data.

Techniques are available that allow researchers to detect ransomware attacks before it’s too late. But antivirus companies have so far struggled to turn them into tools that work in the real world.

For now, then, individuals and organizations alike must simply follow best security practices to avoid infection and ensure that data is backed up. That way, it doesn’t matter too much if a hacker takes you for a ride.

(Read more: Verge, BBC, The San Francisco Chronicle, “Two Ways to Stop Ransomware in Its Tracks,” “With Hospital Ransomware Infections, the Patients Are at Risk,” “Holding Data Hostage: The Perfect Internet Crime?”