Friday 2 December 2016

San Francisco Metro System hacked with Ransomware

The San Francisco Municipal Transport Agency (SFMTA) said “on Nov. 25, the SFMTA was a victim of a ransomware attack,” and “the situation is now contained, and we have prioritized restoring our systems to be fully operational.” More than 2000 computer and payment systems were affected. According to the San Francisco Examiner, SFMTA confirmed a ransomware attack against the station fare systems, which forced ticket kiosks to shut down and made rides free this weekend. Nearly 30 GB of sensitive data, including databases and employee information, was under threat.

The message displayed on the screens of the SFMTA computer system was “You Hacked, ALL Data Encrypted. Contact For Key(cryptom27[@]yandex.com)ID:681, Enter”.


The attackers purportedly used the ransomware HDDCryptor, also known as Mamba, to carry out the attack. The ransomware is unique in that it encrypts a target’s hard drive rather than individual files.

A target machine is typically infected when a user accidentally opens a malicious executable from an email or download; the malware then spreads across the network.

The attackers were demanding a ransom of roughly $73,000 to restore the SFMTA computer system.

In an email exchange the attacker wrote: “We Don’t live in USA but I hope Company Try to Fix it Correctly and We Can Advise Them But if they Don’t , We Will Publish 30G Databases and Documents include contracts , employees data , LLD Plans , customers and… to Have More Impact to Company To Force Them to do Right Job!”

The SFMTA spokesperson, Paul Rose, denied the attackers' allegations and said that customer privacy and transaction information were in order. He further said that “we have never considered paying ransom and don’t intend to”. He also said that they are investigating the matter and “working to resolve the situation.”

The identity of the hackers and the extent of the attack are not publicly known at present. But such everyday incidents remind us how vulnerable our infrastructure is.
