San Francisco public transit system hit in ransomware attack

  • 28 November 2016

Userlevel 7
Nov 28, 2016 12:48pm EST  ·  By Jim Finkle
 
The San Francisco Municipal Transportation Agency said on Monday it had contained a cyber attack, which disrupted its ticketing systems and forced it to offer free service to some customers during the Thanksgiving weekend.
 
The agency, known widely as Muni, said it was the victim of a ransomware attack on Friday that affected internal computer systems including email, but had no impact on safe operation of transit services.
The agency disabled fare gates from Friday to Sunday "as a precaution to minimize possible impacts to our customers," Muni spokesman Paul Rose said in an email on Monday.
 
Full Article


Userlevel 7
Ouch...that must hurt...but most of all it is surprising that this could be allowed to happen...obviously someone clicked on an unsafe attachment, etc.
 
Until people get more savvy about what ransomware is and how it propagates then I suppose that this sort of thing will continue to make headlines...unfortunately. :(
Userlevel 7
29th November 2016
 
The hacker in control of that email account said he had compromised thousands of computers at the SFMTA, scrambling the files on those systems with strong encryption. The files encrypted by his ransomware, he said, could only be decrypted with a special digital key, and that key would cost 100 Bitcoins, or approximately USD $73,000.

On Monday, KrebsOnSecurity was contacted by a security researcher who said he hacked this very same cryptom27@yandex.com inbox after reading a news article about the SFMTA incident. The researcher, who has asked to remain anonymous, said he compromised the extortionist’s inbox by guessing the answer to his secret question, which then allowed him to reset the attacker’s email password. A screen shot of the user profile page for cryptom27@yandex.com shows that it was tied to a backup email address, cryptom2016
 
Full Article
Userlevel 7

Backups meant SFMTA didn't have to pay 100-Bitcoin ransom demanded by the attacker.

 
Sean Gallagher - 11/29/2016
 
The attacker who infected servers and desktop computers at the San Francisco Metropolitan Transit Agency (SFMTA) with ransomware on November 25 apparently gained access to the agency's network by way of a known vulnerability in an Oracle WebLogic server. That vulnerability is similar to the one used to hack a Maryland hospital network's systems in April and infect multiple hospitals with crypto-ransomware. And evidence suggests that SFMTA wasn't specifically targeted by the attackers; the agency just came up as a target of opportunity through a vulnerability scan.
In an e-mail to Ars, SFMTA spokesperson Paul Rose said that on November 25, "we became aware of a potential security issue with our computer systems, including e-mail." The ransomware "encrypted some systems mainly affecting computer workstations," he said, "as well as access to various systems. However, the SFMTA network was not breached from the outside, nor did hackers gain entry through our firewalls. Muni operations and safety were not affected. Our customer payment systems were not hacked. Also, despite media reports, no data was accessed from any of our servers."
 
Full Article
Userlevel 7
Yay! At last proof of what we have been saying about how to beat this crapware...backup, image, backup, image, backup, etc. :D
