If you're going to San Francisco be sure to travel free with ransomware
The Muni public transport system in San Francisco was hit by a major ransomware attack over the weekend, which left the network having to give passengers free travel.
It's estimated that around 2,000 systems have been affected by the attack, which began on Friday, including ticket machines, servers and Windows workstations.
The software used in the attack is believed to be a variant of HDDCryptor. This uses freeware and open source tools to encrypt hard drives and network-shared files, as well as overwriting the master boot record on infected systems. Locked machines displayed a message reading, "You Hacked, ALL Data Encrypted. Contact For Key," followed by a Russian email address. Ticketing systems across the network were shut down as a precaution.
It seems that the San Francisco Municipal Transport Agency (SFMTA) wasn't specifically targeted, however. The infection resulted from an employee downloading an infected torrent file, according to the SF Examiner, which contacted the address left by the attacker. The hackers are demanding a ransom of 100 Bitcoins -- currently worth around $73,000.
Ticketing systems were going back online on Sunday with travelers once again expected to pay for their journeys. There's no suggestion that SFMTA has paid any ransom. It is feared that systems holding payroll information and personal details of employees may have been infected and that data could therefore be at risk.
The attackers would appear to have struck lucky -- or perhaps unlucky -- by finding such a high-profile target apparently at random. The authorities will doubtless be keen to track down the perpetrators.