- The Washington Times - Tuesday, November 29, 2016

San Francisco’s light rail system let passengers ride for free over the weekend after hundreds of its computers were infected with ransomware.

The San Francisco Municipal Railroad, “Muni,” said in a statement Monday that it has begun working with both the FBI and Department of Homeland Security after suffering from a ransomware infection that resulted in complimentary fares during the weekend for some riders.

Muni learned Friday morning that malware had encrypted, and so cut off access to, approximately 900 office computers as well as various other systems, the transit agency said Monday. Affected machines were compromised to display the message “You Hacked, ALL Data Encrypted,” as well as details about how to restore access in exchange for a hefty ransom.



No data was stolen, and not a penny was paid of the roughly $73,000 sought by the actor responsible, Muni said. Nonetheless, the agency said it decided to turn off ticket machines and fare gates at its Muni Metro subway stations from Friday morning through Sunday “to minimize any potential risk or inconvenience” to transit passengers.

“We made the decision to shut down those (gates) until we knew what we were dealing with and what the impact on customers would be,” SFMTA spokesperson Paul Rose told the San Francisco Chronicle. “Once we learned that customers’ information was not part of this, we turned them back on.”

Muni “never considered paying the ransom,” the agency said in Monday’s statement.

“We have an information technology team in place that can restore our systems, and that is what they are doing,” the statement continued. “Existing backup systems allowed us to get most affected computers up and running this morning, and our information technology team anticipates having the remaining computers functional in the next day or two.”

As Muni scrambled to respond during the post-Thanksgiving weekend, however, the agency resorted in the interim to assigning routes to drivers by way of handwritten notes instead of traditional user printouts, the San Francisco Examiner reported.

“With enough knowledge, hackers can create real disaster related to train safety,” said Idan Udi Edry, CEO of Nation-E, a cybersecurity company that emphasizes protecting critical infrastructure.

Security researchers who reviewed the message left by the Muni hacker don’t believe a major city’s transit system was specifically targeted, however. Instead, experts who have analyzed the attack said it appears the hacker scanned the internet looking for computers that run a vulnerable version of Oracle WebLogic, a Java application server used by Muni, Ars Technica reported.

When the San Francisco Examiner sent an email to the hacker whose address appeared in the ransom message, they replied: “We do this for money, nothing else.”

Sen. Barbara Boxer, California Democrat, wrote FBI Director James Comey in April expressing concern after Hollywood Presbyterian Medical Center in Los Angeles admitted paying nearly $17,000 to regain access to data encrypted during a ransomware infection.

“Ransomware attacks are not only proliferating, they’re becoming more sophisticated,” the FBI said in an article published to its website later that month that cited a rash of infections suffered in previous months by victims ranging from hospitals and school districts to state and local governments and businesses.

“The inability to access the important data these kinds of organizations keep can be catastrophic in terms of the loss of sensitive or proprietary information, the disruption to regular operations, financial losses incurred to restore systems and files and the potential harm to an organization’s reputation,” the FBI said. In May, the FBI said ransomware infections caused more than $1.6 million in damages during 2015.

• Andrew Blake can be reached at ablake@washingtontimes.com.

Copyright © 2024 The Washington Times, LLC.
