Skip to main content

Are you a legal professional? Visit our professional site

Search for legal issues
For help near (city, ZIP code or county)
Please enter a legal issue and/or a location

Ransomware Attack Cripples San Francisco's Metro System

Article Placeholder Image
By Casey C. Sullivan, Esq. on November 28, 2016 2:57 PM

Black Friday shoppers in San Francisco were able to hop on the city's light rail system for free last week, after the city's Muni transit system fell victim to a ransomware attack. Ransomware infected about a quarter of the San Francisco Municipal Transportation Agency's computers, encrypting their files on Friday.

The hack shut down many ticketing kiosks for days, giving San Francisco straphangers a free ride for the weekend, as hackers demanded a bitcoin ransom worth $73,000.

This Free Ride Costs 100 Bitcoins

Muni's computers were hijacked by HDDCryptor ransomware, according to Hoodline. The malware, which is also known as Mamba, infected 2,112 computers according to hackers' claims -- about a quarter of Muni's total computer network. When activated, the computers declared "You Hacked, ALL Data Encrypted." Muni trains continued to run safely, but many of the computers handling rider fares were left inoperable.

When contacted by the San Francisco Examiner, the hackers demanded 100 bitcoin, or about $73,000, from the agency in order to decrypt the computers:

if You are Responsible in MUNI-RAILWAY !
All Your Computer's/Server's in MUNI-RAILWAY Domain Encrypted By AES 2048Bit!
We have 2000 Decryption Key !
Send 100BTC to My Bitcoin Wallet , then We Send you Decryption key For Your All Server's HDD!!
We Only Accept Bitcoin , it's So easy!
you can use Brokers to exchange your money to BTC ASAP
it's Fast way!

On Sunday, the transit agency announced that "the situation is now contained and we have prioritized restoring our systems to be fully operational." The FBI has not said whether they have launched a formal investigation, but has been in contact with city officials, according to Reuters.

From Muni to You

Ransomware like the kind that attacked Muni works by encrypting computer data, releasing the information after payment (often in hard-to-track bitcoins) of a ransom. It's likely that Muni wasn't targeted specifically for the attack. Rather, such malware often circulates until it finds a vulnerable system to attack, and Muni's fit the bill.

Ransomware attacks have been on the rise, too, according to reports. Hackers have used ransomware against universities, hospitals, and, yes, even law firms. Once hit with an attack, many firms simply pay the fee in order to free their files.

There are ways lawyers can protect themselves, however. Having your operating systems, software, and antivirus products up to date is one of your best defenses. Keeping regular backups of files can also help you if your computer is compromised, while learning to identify suspicious emails and attachments can reduce the likelihood of an infection in the first place. And when precautions fail, there is always cyberinsurance to help you cover the costs of a ransomware crisis.

Related Resources:

Find a Lawyer

More Options