San Francisco MTA Forced To Give Free Rides After Network Infected With Ransomware

from the pwned dept

We’ve noted consistently how the medical industry has become a hotbed of ransomware attacks thanks to too many incompetent IT administrators, and too many hardware vendors for which security is a fleeting afterthought. In fact, hospitals are now seeing more than 20 ransomware attacks a day; attacks that in many instances have forced the cancellation of scheduled surgeries and wreaked havoc on the day-to-day operations of many in the healthcare sector.

But security incompetence isn’t restricted just to the healthcare industry. Last week, the San Francisco mass transit system learned this the hard way when hackers effectively took over transit systems used by the San Francisco Municipal Transit Agency, infecting them with ransomware and refusing to return control unless the city was willing to pay $73,000 in bitcoin. The hack hasn’t just disabled the city’s transit systems, but apparently has crippled the SF MTA’s payroll systems, email servers, Quickbooks, NextBus operations, various MySQL database servers, and staff training and personal computers for hundreds of employees.

All told, it’s believed that hackers compromised about 2,112 of the 8,656 computers attached to the SF MTA’s network. As a result, the city had to simply unlock all turnstiles and let riders ride the system for free as it tried to climb out from underneath the mess:

Like most ransomware attacks, the SF MTA is being told to make a payment to an anonymous bitcoin wallet if they want the key to decrypt compromised data on its hard drives:

“if You are Responsible in MUNI-RAILWAY ! All Your Computer?s/Server’s in MUNI-RAILWAY Domain Encrypted By AES 2048Bit! We have 2000 Decryption Key ! Send 100BTC to My Bitcoin Wallet , then We Send you Decryption key For Your All Server’s HDD!! We Only Accept Bitcoin , it?s So easy! you can use Brokers to exchange your money to BTC ASAP it’s Fast way!”

The SF MTA’s backups don’t appear to have been impacted, so it should be able to save at least some data (depending on how old they are). But local San Francisco news outlets say that SF MTA employees aren’t sure they’ll be getting paid this week, and the agency stands to lose around $559,000 per day for as long as it’s forced to suspend charging fares. All told it’s just another reminder that we have a lot of work to do securing necessary and highly vulnerable domestic infrastructure before we get too busy internationally expanding the cyber.

Filed Under: , , , ,
Companies: sfmta

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “San Francisco MTA Forced To Give Free Rides After Network Infected With Ransomware”

Subscribe: RSS Leave a comment
17 Comments
That One Guy (profile) says:

"All your networks are belong to us, make your payments."

"if You are Responsible in MUNI-RAILWAY ! All Your Computer’s/Server’s in MUNI-RAILWAY Domain Encrypted By AES 2048Bit! We have 2000 Decryption Key ! Send 100BTC to My Bitcoin Wallet , then We Send you Decryption key For Your All Server’s HDD!! We Only Accept Bitcoin , it’s So easy! you can use Brokers to exchange your money to BTC ASAP it’s Fast way!"

Ah engrish at it’s finest, for when you want to hold a city’s transportation system for ransom but don’t actually have the time to put together a decently translated ransom demand.

I especially like how the last two sentences almost read as an advertisement for bitcoin. It’s so easy! you can use Brokers to exchange your money to BTS ASAP it’s Fast way!, like they’re just so enthusiastic about bitcoin that they couldn’t help but gush about it a bit, even as they demand money.

That Anonymous Coward (profile) says:

Gee, perhaps maybe someone should question why these critical systems are connected to the interwebs given the current climate.
There are so many cases now where horrible outcomes are possible. (Sorry we closed our OR because Becki in HR thought that flash update was needed to see the awesome kitten video.)

The government can’t seem to do much but stick the word cyber infront of every 4th word, try and panic people. They can’t even manage to issue a press release with actual advice like, DISCONNECT IT FROM THE FUCKING NET!

IT guys have been mentioning all of these problems, but someone decided that if the CEO wants to be able to hit a button and see things… it has to happen. In the past it was cheap to pay for credit report monitoring for those you failed to protect, but now… they are demanding real money to give you back your files… that they probably downloaded before encrypting for a secondary payday.

So all of those fancy salesmen who sold you this awesome cloud solution… did they include free decryption services?

Anonymous Coward says:

Re: Re:

Gee, perhaps maybe someone should question why these critical systems are connected to the interwebs given the current climate.

So they can do things like process credit card payments and get schedule information. The internet is how we transfer information these days, and designing a computer system whose security depends on a lack of connection is exactly the wrong thing to do. This is a large network of computers, and at least one will eventually be connected to the internet by accident or necessity. The systems should assume a hostile network.

Simply connecting something to the internet is rarely a problem. (I.e., it’s been a while since a TCP/IP stack has had some bug allowing code execution.) There’s probably some default password or unnecessary & insecure service, or there’s a single access token that can and did compromise the whole system.

Anonymous Coward says:

IT Does not control direction and budget

Snowflake Execs is right. The days of IT being able to control policies and direction are long past and it is execs that set the tone and security stance of an organization and what will be allowed and what won’t. “We have to let zip files through . . . .”

Oh, and just try to get the budget and resources for enough staff, much less good security solutions – including robust enough backup systems. Even then, that is not a slam dunk anymore. Restore, but lose 12 hours of transactions.

“What do you mean we can’t restore from a couple of hours ago?”

“Remember when we asked for better backup system last year? The anemic IT budget approval cut that out.”

Add Your Comment

Your email address will not be published.

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...
Loading...