kaptn - Fotolia
San Francisco’s Muni transport system was reportedly hit by a ransomware attack at the weekend that affected all rail fare payment machines.
The attackers displayed messages on fare system computer screens that said: “You Hacked, ALL Data Encrypted. Contact For Key(firstname.lastname@example.org)ID:681.”
Yandex is a Russian internet company that provides a range of online services, including email, social networking and search.
The trains were unaffected, however, and Muni confirmed that all systems were up and running again by Sunday afternoon. It is unknown whether the attack has been contained, however.
On Saturday, Muni spokesman Paul Rose told CBS: “Because this is an ongoing investigation, it would not be appropriate to provide additional details at this point.”
The attack meant passengers were able to travel free of charge as Muni opened the fare gates to minimise disruption on services.
Unidentified attackers demanded 100 bitcoins ($73,000 or £56,000) in ransom, according to the BBC, indicating that it was a ransomware attack, which is a low-cost, low-risk form of cyber extortion.
The attackers used a variant of the HDDCryptor malware and claimed to have infected 2,112 computers, including office admin desktops, CAD workstations, email and print servers, employee laptops, payroll systems, SQL databases, lost and found property terminals, and station kiosk PCs, according to the Register.
Ransomware attacks have become extremely popular with cyber attackers in recent times and typically involve malware that encrypts computer systems and demands payment in return for the decryption key.
Read more about ransomware
- Next wave of ransomware expected to be more pervasive, resilient and capable of spreading quickly and effectively throughout networks by capitalising on vulnerabilities.
- Businesses still get caught by ransomware even though straightforward avoidance methods exist.
- The CryptoLocker ransomware caught many enterprises off guard, but there is a defence strategy that works.
The alert urged organisations to back up data and warned that paying ransom does not guarantee the release of files encrypted by ransomware.
Attackers have also increasingly targeted medical facilities in the UK, the US and Europe. In August 2016, security firm Trend Micro warned that UK organisations were not taking ransomware seriously enough.
An information request by security firm SentinelOne revealed that 40% of UK universities had been targeted by ransomware in the past year, while a study by security firm NCC Group revealed that 47% of NHS trusts in England had been targeted in the same way.
Since then, ransomware has become ever more popular with cyber criminals, with its use increasing by 58% in the second quarter of 2015, according to a threat report by Intel Security.
Research has shown that relatively low-cost ransomware attacks typically net thousands of pounds a week for attackers. ................................................