San Francisco Railway Malware: MUNI Hacked With Ransomware; Not Letting Go Without A Pay?

A recent attack on the San Francisco Municipal Railway leads the commuters to ride for free on Saturday. Ticket machines show a gleaming pink "Out of Service" message at the Powell street station. On the stations is a taped paper sign saying "Metro free."

The San Francisco light rail system AKA the MUNI system had been attacked by Friday afternoon and hackers are not giving it back. A ransomware which is the criminal's encrypted self-reproducing malicious software was downloaded to the computerized fare system.

A message displayed on the MUNI's stations: "You Hacked, All Data Encrypted, Contact For Key (cryptom27@yandex.com)ID:681 ,Enter." MUNI spokesman, Paul Rose on Friday did not confirm the hack according to the post in SF Gate. However, he said that "You hacked" appeared on their agent's computer screen and they are working on doing the investigation.

The Verge detailed that the hacker was reached through email and confirmed that they are looking for a deal with MUNI. The message appeared to be a machine-translated message due to its broken English that is saying that they are waiting for anyone responsible for communication but the hacker thinks that MUNI does not want a deal.

According to the Examineer, the ransomware may have been downloaded mistakenly by an employee. A ransomware can lock the target's computer system and blocks access to the files and also the capabilities that the system maintains. In this case, the attacker will request for "ransom" which is a payment of funds usually in Bitcoin to restore access to the system and data that was targeted.

There is a time period set in which the ransom needs to be paid. The system and data files will then be destroyed if the ransom is not paid within the given deadline. This tactic has garnered a great amount of success to hackers.

Morphus Labs linked the same hacker to a ransomware called Mamba that employs the same tactics against MUNI. Hollywood Presbyterian Medical Center discovered that they were attacked with ransomware with files being held for $3.6 million ransom.

Representatives of MUNI did not respond to the request for them to comment.