San Francisco’s Municipal Railway, known as Muni, saw its computerized fare systems hacked last week. It turns out that the hack came with a ransom demand of 100 bitcoin, equal to around $73,000; the demand was not successful.
While Muni trains were never affected, riders on Friday and Saturday got free rides as the message, “You Hacked, ALL Data Encrypted. Contact For Key(firstname.lastname@example.org)ID:681 ,Enter.”, appeared on Muni agents’ computer screens. Ticket machines looked out of order, with “Metro Free” signs placed in front of screens.
While Muni has not released information from its ongoing investigation, a few facts have been gleaned about the basic details of the attack. It appears to be a ransomware attack, equivalent to locking Muni out of its own systems and demanding a payment to get back in. The attacker or attackers used the pseudonym Andy Saolis.
Now, the Yandex account Saolis names in the message has itself been hacked, this time by an anonymous researcher who contacted the cybersecurity site KrebsOnSecurity. The researcher, who was able to get into the Yandex account by guessing its password questions, discovered the blackmail email sent to Muni infrastructure manager