On the 26th of November, the San Francisco Examiner reported that the San Francisco Municipal Transportation Agency (SFMTA) had been hacked. Infected computers at Muni stations were reportedly downed by HDDCryptor ransomware, whose operators attempted to extort the station for bitcoin. As a result, passengers got a free ride throughout the weekend: unable to process fare payments, the agency was forced to open up the gates.
Muni ticket machines, kiosks, employee laptops, email and printed services, payroll systems and SQL databases were compromised, according to The Register. Out of 8,656 PCs and Macs on the agency’s network, 2,112 were compromised by the attack.
Typically, a machine is infected with HDDCryptor ransomware when an employee accidentally opens a booby-trapped executable, which can arrive in an email or a download. It took one infection for the ransomware to spread throughout the network.
SFMTA’s computers showed a black screen with the message:
You Hacked, ALL Data Encrypted. Contact For Key([email protected])ID:681 ,Enter.
Paul Rose, an SFMTA spokesperson, said: “There’s no impact to the transit service, but we have opened the fare gates as a precaution to minimize customer impact.”