San Francisco MTA Forced To Give Free Rides After Network Infected With Ransomware

from the pwned dept

We've noted consistently how the medical industry has become a hotbed of ransomware attacks thanks to too many incompetent IT administrators, and too many hardware vendors for which security is a fleeting afterthought. In fact, hospitals are now seeing more than 20 ransomware attacks a day; attacks that in many instances have forced the cancellation of scheduled surgeries and wreaked havoc on the day-to-day operations of many in the healthcare sector.

But security incompetence isn't restricted just to the healthcare industry. Last week, the San Francisco mass transit system learned this the hard way when hackers effectively took over transit systems used by the San Francisco Municipal Transit Agency, infecting them with ransomware and refusing to return control unless the city was willing to pay $73,000 in bitcoin. The hack hasn't just disabled the city's transit systems, but apparently has crippled the SF MTA's payroll systems, email servers, Quickbooks, NextBus operations, various MySQL database servers, and staff training and personal computers for hundreds of employees.

All told, it's believed that hackers compromised about 2,112 of the 8,656 computers attached to the SF MTA's network. As a result, the city had to simply unlock all turnstiles and let riders ride the system for free as it tried to climb out from underneath the mess:
Like most ransomware attacks, the SF MTA is being told to make a payment to an anonymous bitcoin wallet if they want the key to decrypt compromised data on its hard drives:
"if You are Responsible in MUNI-RAILWAY ! All Your Computer’s/Server's in MUNI-RAILWAY Domain Encrypted By AES 2048Bit! We have 2000 Decryption Key ! Send 100BTC to My Bitcoin Wallet , then We Send you Decryption key For Your All Server's HDD!! We Only Accept Bitcoin , it’s So easy! you can use Brokers to exchange your money to BTC ASAP it's Fast way!"
The SF MTA's backups don't appear to have been impacted, so it should be able to save at least some data (depending on how old they are). But local San Francisco news outlets say that SF MTA employees aren't sure they'll be getting paid this week, and the agency stands to lose around $559,000 per day for as long as it's forced to suspend charging fares. All told it's just another reminder that we have a lot of work to do securing necessary and highly vulnerable domestic infrastructure before we get too busy internationally expanding the cyber.
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: encryption, malware, ransomware, san francisco, sf muni
Companies: sfmta


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    Anonymous Coward, 28 Nov 2016 @ 11:56am

    Is DR ready!!!???

    We are about to find out!

    link to this | view in chronology ]

  • icon
    That One Guy (profile), 28 Nov 2016 @ 12:02pm

    "All your networks are belong to us, make your payments."

    "if You are Responsible in MUNI-RAILWAY ! All Your Computer’s/Server's in MUNI-RAILWAY Domain Encrypted By AES 2048Bit! We have 2000 Decryption Key ! Send 100BTC to My Bitcoin Wallet , then We Send you Decryption key For Your All Server's HDD!! We Only Accept Bitcoin , it’s So easy! you can use Brokers to exchange your money to BTC ASAP it's Fast way!"

    Ah engrish at it's finest, for when you want to hold a city's transportation system for ransom but don't actually have the time to put together a decently translated ransom demand.

    I especially like how the last two sentences almost read as an advertisement for bitcoin. 'It's so easy! you can use Brokers to exchange your money to BTS ASAP it's Fast way!', like they're just so enthusiastic about bitcoin that they couldn't help but gush about it a bit, even as they demand money.

    link to this | view in chronology ]

  • identicon
    The Dispshit, 28 Nov 2016 @ 12:21pm

    Another angry leftist rant?! How dare you think we should take security seriously?? What's next, socialism??

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 28 Nov 2016 @ 12:42pm

    When there isn't a problem: "What are we paying IT for?"

    When there is a problem: "What are we paying IT for!?"

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 28 Nov 2016 @ 1:34pm

      Re:

      Some IT person there sent his boss that email he got from his boss long ago where the boss denied the requisition for improved backups.

      link to this | view in chronology ]

  • icon
    That Anonymous Coward (profile), 28 Nov 2016 @ 1:20pm

    Gee, perhaps maybe someone should question why these critical systems are connected to the interwebs given the current climate.
    There are so many cases now where horrible outcomes are possible. (Sorry we closed our OR because Becki in HR thought that flash update was needed to see the awesome kitten video.)

    The government can't seem to do much but stick the word cyber infront of every 4th word, try and panic people. They can't even manage to issue a press release with actual advice like, DISCONNECT IT FROM THE FUCKING NET!

    IT guys have been mentioning all of these problems, but someone decided that if the CEO wants to be able to hit a button and see things... it has to happen. In the past it was cheap to pay for credit report monitoring for those you failed to protect, but now... they are demanding real money to give you back your files... that they probably downloaded before encrypting for a secondary payday.

    So all of those fancy salesmen who sold you this awesome cloud solution... did they include free decryption services?

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 28 Nov 2016 @ 1:55pm

      Re:

      Gee, perhaps maybe someone should question why these critical systems are connected to the interwebs given the current climate.

      So they can do things like process credit card payments and get schedule information. The internet is how we transfer information these days, and designing a computer system whose security depends on a lack of connection is exactly the wrong thing to do. This is a large network of computers, and at least one will eventually be connected to the internet by accident or necessity. The systems should assume a hostile network.

      Simply connecting something to the internet is rarely a problem. (I.e., it's been a while since a TCP/IP stack has had some bug allowing code execution.) There's probably some default password or unnecessary & insecure service, or there's a single access token that can and did compromise the whole system.

      link to this | view in chronology ]

      • icon
        That Anonymous Coward (profile), 29 Nov 2016 @ 6:14pm

        Re: Re:

        Processing credit cards makes sense for that system to have net access... they can't do payroll now.

        They need to consider what is connected to what, and why.

        link to this | view in chronology ]

  • identicon
    Anonymous Coward, 28 Nov 2016 @ 1:55pm

    Cyberpunk is now just reality.

    link to this | view in chronology ]

  • identicon
    John, 28 Nov 2016 @ 2:08pm

    Send in the drones

    Trump will fix it. He will get the NSA to locate the cyber hacker and send in an air strike.

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 28 Nov 2016 @ 2:43pm

      Re: Send in the drones

      He doesn't need the NSA for that. He can just pick his favorite target of the week, blame them and call up the generals.

      link to this | view in chronology ]

  • icon
    orbitalinsertion (profile), 28 Nov 2016 @ 3:13pm

    I wonder where Terry Childs is now.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 28 Nov 2016 @ 4:03pm

    thanks to too many special snowflake MDs, RNs, CxOs, and VPs of sanitary receptacles that refuse to let IT do even the most basic controls and security and cut the budget for that backup system every year to use that money for VIP bonuses.

    FTFY

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 29 Nov 2016 @ 9:15am

    IT Does not control direction and budget

    Snowflake Execs is right. The days of IT being able to control policies and direction are long past and it is execs that set the tone and security stance of an organization and what will be allowed and what won't. "We have to let zip files through . . . ."

    Oh, and just try to get the budget and resources for enough staff, much less good security solutions - including robust enough backup systems. Even then, that is not a slam dunk anymore. Restore, but lose 12 hours of transactions.

    "What do you mean we can't restore from a couple of hours ago?"

    "Remember when we asked for better backup system last year? The anemic IT budget approval cut that out."

    link to this | view in chronology ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.