
San Francisco transport system hit by ransomware attack

San Francisco's transport agency appears to be the latest target of cyber criminals using encryption malware to hold organisations to ransom

San Francisco’s Muni transport system was reportedly hit by a ransomware attack at the weekend that affected all rail fare payment machines.

The attackers displayed messages on fare system computer screens that said: “You Hacked, ALL Data Encrypted. Contact For Key(cryptom27@yandex.com)ID:681.”

Yandex is a Russian internet company that provides a range of online services, including email, social networking and search.

The trains were unaffected, however, and Muni confirmed that all systems were up and running again by Sunday afternoon. It is unknown whether the attack has been contained.

On Saturday, Muni spokesman Paul Rose told CBS: “Because this is an ongoing investigation, it would not be appropriate to provide additional details at this point.”

The attack meant passengers were able to travel free of charge as Muni opened the fare gates to minimise disruption on services.

Unidentified attackers demanded 100 bitcoins ($73,000 or £56,000) in ransom, according to the BBC, indicating that it was a ransomware attack, which is a low-cost, low-risk form of cyber extortion.

The attackers used a variant of the HDDCryptor malware and claimed to have infected 2,112 computers, including office admin desktops, CAD workstations, email and print servers, employee laptops, payroll systems, SQL databases, lost and found property terminals, and station kiosk PCs, according to the Register.

Ransomware attacks have become extremely popular with cyber attackers in recent times and typically involve malware that encrypts computer systems and demands payment in return for the decryption key.

In April 2016, after a spate of attacks on hospitals, the US and Canada issued a joint alert to raise awareness and understanding of ransomware.


The alert urged organisations to back up data and warned that paying ransom does not guarantee the release of files encrypted by ransomware.

Attackers have also increasingly targeted medical facilities in the UK, the US and Europe. In August 2016, security firm Trend Micro warned that UK organisations were not taking ransomware seriously enough.

An information request by security firm SentinelOne revealed that 40% of UK universities had been targeted by ransomware in the past year, while a study by security firm NCC Group revealed that 47% of NHS trusts in England had been targeted in the same way.

Ransomware is one of the top international cyber threats, along with distributed denial of service (DDoS) attacks and bullet-proof hosting services, according to the UK National Crime Agency.

In 2013, the NCA’s National Cyber Crime Unit (NCCU) warned of a mass email-borne Cryptolocker ransomware campaign aimed at small and medium-sized enterprises (SMEs) and consumers.

Since then, ransomware has become ever more popular with cyber criminals, with its use increasing by 58% in the second quarter of 2015, according to a threat report by Intel Security.

Research has shown that relatively low-cost ransomware attacks typically net thousands of pounds a week for attackers.
