Cyber Security

San Francisco Rides For Free After Transit System Hit With Ransomware

Muni riders got a pass as employees tried, without success, to access their network

Photo Illustration: Diana Quach
Nov 28, 2016 at 1:22 PM ET

San Franciscans got to travel the city for free this weekend, thanks to hackers holding one of the city’s public transit systems for ransom.

According to local news reports, on Saturday, the city’s Municipal Transportation Agency, Muni, was hit with ransomware — malicious code that locks a system’s files until a bounty is paid. Muni employees who logged onto their network were greeted with a message “You Hacked. All Data Encrypted,” alongside a contact email address claiming to have the key for decryption.

Unable to quickly fix the problem, city officials set Muni ticketing machines to read “Out Of Order,” while employees unlocked fare gates and allowed customers to ride free of charge.

In a statement released on Sunday, the San Francisco Municipal Transportation Agency said the ransomware “disrupted some of our internal computer systems including e-mail.” It added that transit service was unaffected, and that customer privacy and transaction information were not compromised. An investigation is still ongoing.

While SFMTA did not comment on the specifics of the hack, a San Francisco Examiner reporter who contacted the e-mail address provided in the ominous message was told by the apparent hacker, who called himself “Andy Saolis,” that the ransom in question was $73,000. He later added that the malware used to encrypt the data was introduced to Muni through a systems administrator who had downloaded the file, quite likely through a phishing scam. In a similar conversation with The Verge, Saolis implied that his software automatically targeted the SFMTA network because it was “very open.” According to Hoodline, a San Francisco-based news site, the hackers had access to roughly one-quarter of Muni’s computer network.

Earlier this fall, a hacker using the same name employed a similar method, holding data owned by a Brazilian infosec research group hostage in exchange for Bitcoin. According to an FBI report, ransomware attack rates nearly doubled from 2014 to 2015, and an increase in such hacks has made 2016 the unofficial “year of ransomware.”