On Friday November 25th some Municipal Rail (also known as Muni) riders got a little surprise. When they arrived to the ticket stations they were greeted with “Out of Service” and “Metro Free” signs. While this might have been good news for a passenger, it was not for the San Francisco Municipal Transportation Agency (SFMTA).
As it turns out the SFMTA had been hit by a ransomware attack. When station agents came in to work their computers displayed message “You Hacked, ALL Data Encrypted. Contact For Key (firstname.lastname@example.org) ID:681 ,Enter.” on Friday and Saturday, according to the Examiner. Luckily the actual light rail was still able to function and in the interest of not disrupting public transportation they allowed riders on for free. However, they still had thousands of computers that had their files encrypted, and you can’t keep giving free rides forever.
The hacker demanded a 100 bitcoin ransom, which is a digital currency that translates to around $70,000. The SFMTA was faced with a decision to make…pay the ransom, or try to get their computers back online themselves.
Luckily the SFMTA had faith in their IT team and had processes in place. According to a statement by their spokesperson Paul Rose they “never considered paying the ransom” because they were able to “fully recover” their systems. This truly shows the value of having a backup and recovery program in place. Without the ability to restore their systems the SFMTA could have been in a heap of trouble.
As it turns out the hacker didn’t specifically target the SFMTA systems. The hacker sent out their virus searching for vulnerable systems and it happened to come across theirs. The hacker even further clarified in an email:
“We don’t attention to interview and propagate news! Our software working completely automatically and we don’t have targeted attack to anywhere! SFMTA network was Very Open and 2000 Server/PC infected by software! So we are waiting for contact any responsible person in SFMTA but I think they don’t want deal! So we close this email tomorrow!”
According to Forbes, as of Monday the SFMTA systems seem to be back up and running as normal thanks to their IT team. This is an excellent example of the value of a trusted IT team and backup and recovery plan. It also stresses the importance of keeping your software up to date. The gateway into their system was an outdated Windows Server 2000 which saw it’s end of life in 2010 and was no longer supported.
If you have questions about your own business’s network security let us know, we are here to help and can provide you with the support and expertise you need.