The San Francisco public train service has been hit by a ransomware attack that has shut down its payment systems. The San Francisco Municipal Transportation Agency confirmed that it had to shut down payment kiosks and offer free rides on 26 November due to a cyberattack.
Payment machines across the American city displayed a mysterious message that read “You Hacked, ALL Data Encrypted. Contact For Key(firstname.lastname@example.org)ID:681 ,Enter.” The message itself was reminiscent of other malware attacks where cybercriminals leave messages for the victims to reach out and attempt to pay the ransom.
The malware had also shut down a quarter of the Muni servers, which left the service having to manually inform train drivers of their routes.
It is understood that the hacker demanded 100 Bitcoin as ransom; which translated into about RM325,000. The Muni agency has apparently paid the ransom in order to restore its systems and take control of the transportation system.
Cybercriminals are beginning to go after bigger targets with ransomware. Two Californian hospitals already fell victim to these kinds of attacks, and were forced to pay large sums of money to regain access to patient records.