Skip to main content

Hacker hit San Francisco's transportation system

(Image credit: Image Credit: Lowe Llaguno / Shutterstock)

San Francisco's transport agency was targeted by cyber attackers over the weekend, who hacked its systems which resulted in passengers being able to travel for free. Though the hackers responsible for the attack have not come forward, they have made a ransom demand of 100 Bitcoin which is equal to around $70,000.

Staff working during the weekend immediately shut down all of the ticketing machines as a precaution and this is what allowed those using San Francisco's public transportation system to travel for free.

The attackers were able to disable computers throughout the city's transportation network and even some at stations were rendered inoperable. The affected machines all displayed a message from those behind the attack which read: “You Hacked, All Data Encrypted. Contact For Key ( ID: 681,Enter.”

By the email address alone, it is clear that the attackers are based in Russia as Yandex is an internet company that offers email and social networking services within the country. Fortunately no trains were affected by the hack and city officials have already begun a full investigation into the matter.

A spokesperson for the Municipal Transportation Agency (Muni) offered further details on the incident, saying: “There has been no impact to the transit service, to our safety systems or to our customer's personal information. The incident remains under investigation, so it wouldn't be appropriate to provide any additional details at this point.”

The news site Hoodline noted that the hacker behind the attack had provided a list of 2,000 machines that were infected in Muni's network. Among the machines, a number of employee terminals were also accessed during the hack and they may have contained personal information.

Wieland Alge, VP & GM EMEA at Barracuda Networks commented: "What makes this particular ransomware incident interesting is that the attack affected public-facing ticketing machines. The majority of ransomware attacks take place behind closed doors, with the public sometimes never finding out about them. The hackers that hit the San Francisco transport systems did so in a very public way.

"Businesses should of course do everything they can to avoid becoming vulnerable to these attacks in the first place, especially via email, and use segmentation and proper firewalling to limit the effect of any successful breach. That said, a well-deployed backup process can also play a decisive role in not only limiting the damage of ransomware attacks, but also making sure that companies never need to pay a ransom." 

Image Credit: Lowe Llaguno / Shutterstock

Anthony Spadafora
Anthony Spadafora

After getting his start at ITProPortal and then working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches to how to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.