San Francisco’s public railway system hit by hackers

The hacker responsible for all those free Muni rides over the weekend is asking for 100 bitcoin (about $73,000) in exchange for unlocking the affected Muni computers, as the Examiner found out from emailing him/her.

In a statement to the local CBS affliate, KPIX-TV, Muni spokesperson Paul Rose said that fare gates were left open to “minimize customer impact”.

Another incident with a ransomware this year attacked Hollywood Presbyterian Medical Center systems. According to Hoodline, a San Francisco-based news site, the hackers had access to roughly one-quarter of Muni’s computer network.

It’s unclear though if this was the case for the SFMTA’s ransomware attack as transit officials have not yet said where the attack originated from or how it got into the transit agency’s computer system. “All data encrypted”, with contact information for a key.

In coordination with our partners at Cubic Transportation Systems, which operates Clipper®, we took the precaution of turning off the ticket machines and faregates in the Muni Metro subway stations, starting on Friday until 9 a.m., Sunday.

“I hope company try to fix it correctly and we can advise them”, the hacker wrote in a message obtained by The Verge.

On the 26th of November, the San Francisco Examiner reported the San Francisco Municipal Transportation Agency (SFMTA) was hacked. The hackers are demanding a ransom of 100 Bitcoins – now worth around $73,000. The attack forced the light rail transit system to give free rides as payment systems needed to be put back online.

Muni said it could not discover the extent of damage caused, or whether any employee or passenger data had been breached. The hacker is giving the agency until Friday to pay the ransom. Contact: “Key ([email protected]) ID:.681, Enter”.

It’s not known how many systems were compromised on the network that has more than 8000 computers and the personal data of around 6000 employees.

A report by The Register suggested that over 2,000 systems were hit by a variant of the HDDCrypto ransomware strain.

Rose also refused to elaborate on details of the investigation or the alleged ransom, telling the paper that comment would be “inappropriate” while the probe was ongoing.