UPDATED 03:24 EDT / NOVEMBER 28 2016


San Francisco commuters get free Muni rides thanks to ransomware infection

San Francisco public transport passengers received a pleasant surprise over the weekend as the city’s Muni network offered free rides as a result of the ticketing network being hijacked by ransomware.

A variant of the HDDCryptor malware hit 2,112 computers within the San Francisco Municipal Transportation Agency, with messages appearing on the screens of ticket machines reading “You Hacked, ALL Data Encrypted. Contact For Key(cryptom27@yandex.com)ID:681, Enter.”

According to The Register, the hacker is demanding a payment of 100 bitcoin ($73,356) to decrypt the affected computers, which in addition to ticketing machines included office administration desktops, computer-aided design workstations, email and print servers, employee laptops, payroll systems and SQL databases.

“There’s no impact to the transit service, but we have opened the fare gates as a precaution to minimize customer impact,” Muni spokesperson Paul Rose told CBS Local. “Because this is an ongoing investigation it would not be appropriate to provide additional details at this point.”

Unlike other forms of ransomware, HDDCryptor not only targets resources in network shares such as drives, folders, files, printers and serial ports via Server Message Block, but also locks the drive of the machine it infects, according to security firm Trend Micro. That’s how it spread across so many machines within the Municipal Transportation Agency network.

The attack vector for HDDCryptor is usually an employee introducing it to the network, either through a USB device or by opening an infected attachment in an email. While HDDCryptor can be removed and files restored using specialist security software, manual removal isn’t possible, and in some cases a full Windows reinstall may be required.

The aggressive nature of the malware also means that all infected systems need to be isolated from the network, lest they reinfect it. That means it could take days or even weeks to completely purge it from the network, unless the SFMTA decides it would be simpler to pay the ransom and obtain the master decryption key instead.

Image credit: yusamoilov/Flickr/CC by 2.0
