San Francisco MTA Forced To Give Free Rides After Network Infected With Ransomware
from the pwned dept
We've noted consistently how the medical industry has become a hotbed of ransomware attacks thanks to too many incompetent IT administrators, and too many hardware vendors for which security is a fleeting afterthought. In fact, hospitals are now seeing more than 20 ransomware attacks a day; attacks that in many instances have forced the cancellation of scheduled surgeries and wreaked havoc on the day-to-day operations of many in the healthcare sector.
But security incompetence isn't restricted to the healthcare industry. Last week, the San Francisco mass transit system learned this the hard way when hackers effectively took over transit systems used by the San Francisco Municipal Transit Agency, infecting them with ransomware and refusing to return control unless the city was willing to pay $73,000 in bitcoin. The hack hasn't just disabled the city's transit systems, but apparently has crippled the SF MTA's payroll systems, email servers, Quickbooks, NextBus operations, various MySQL database servers, and staff training and personal computers for hundreds of employees.
All told, it's believed that hackers compromised about 2,112 of the 8,656 computers attached to the SF MTA's network. As a result, the city had to simply unlock all turnstiles and let riders ride the system for free as it tried to climb out from underneath the mess:
.@sfmta_muni giving free rides today because hackers shut down the computer system. Employee computers showing this pic.twitter.com/fvVnUayWVG
— KPIX 5 (@CBSSF) November 27, 2016
"if You are Responsible in MUNI-RAILWAY ! All Your Computer’s/Server's in MUNI-RAILWAY Domain Encrypted By AES 2048Bit! We have 2000 Decryption Key ! Send 100BTC to My Bitcoin Wallet , then We Send you Decryption key For Your All Server's HDD!! We Only Accept Bitcoin , it’s So easy! you can use Brokers to exchange your money to BTC ASAP it's Fast way!"
The SF MTA's backups don't appear to have been impacted, so it should be able to save at least some data (depending on how old they are). But local San Francisco news outlets say that SF MTA employees aren't sure they'll be getting paid this week, and the agency stands to lose around $559,000 per day for as long as it's forced to suspend charging fares. All told it's just another reminder that we have a lot of work to do securing necessary and highly vulnerable domestic infrastructure before we get too busy internationally expanding the cyber.
Filed Under: encryption, malware, ransomware, san francisco, sf muni
Companies: sfmta
Reader Comments
Is DR ready!!!???
"All your networks are belong to us, make your payments."
"if You are Responsible in MUNI-RAILWAY ! All Your Computer’s/Server's in MUNI-RAILWAY Domain Encrypted By AES 2048Bit! We have 2000 Decryption Key ! Send 100BTC to My Bitcoin Wallet , then We Send you Decryption key For Your All Server's HDD!! We Only Accept Bitcoin , it’s So easy! you can use Brokers to exchange your money to BTC ASAP it's Fast way!"
Ah engrish at its finest, for when you want to hold a city's transportation system for ransom but don't actually have the time to put together a decently translated ransom demand.
I especially like how the last two sentences almost read as an advertisement for bitcoin. 'It's so easy! you can use Brokers to exchange your money to BTC ASAP it's Fast way!', like they're just so enthusiastic about bitcoin that they couldn't help but gush about it a bit, even as they demand money.
When there is a problem: "What are we paying IT for!?"
There are so many cases now where horrible outcomes are possible. (Sorry we closed our OR because Becki in HR thought that flash update was needed to see the awesome kitten video.)
The government can't seem to do much but stick the word cyber in front of every 4th word and try to panic people. They can't even manage to issue a press release with actual advice like, DISCONNECT IT FROM THE FUCKING NET!
IT guys have been mentioning all of these problems, but someone decided that if the CEO wants to be able to hit a button and see things... it has to happen. In the past it was cheap to pay for credit report monitoring for those you failed to protect, but now... they are demanding real money to give you back your files... that they probably downloaded before encrypting for a secondary payday.
So all of those fancy salesmen who sold you this awesome cloud solution... did they include free decryption services?
Re:
Re:
So they can do things like process credit card payments and get schedule information. The internet is how we transfer information these days, and designing a computer system whose security depends on a lack of connection is exactly the wrong thing to do. This is a large network of computers, and at least one will eventually be connected to the internet by accident or necessity. The systems should assume a hostile network.
Simply connecting something to the internet is rarely a problem. (I.e., it's been a while since a TCP/IP stack has had some bug allowing code execution.) There's probably some default password or unnecessary & insecure service, or there's a single access token that can and did compromise the whole system.
Send in the drones
Re: Send in the drones
thanks to too many special snowflake MDs, RNs, CxOs, and VPs of sanitary receptacles that refuse to let IT do even the most basic controls and security and cut the budget for that backup system every year to use that money for VIP bonuses.
FTFY
IT Does not control direction and budget
Oh, and just try to get the budget and resources for enough staff, much less good security solutions - including robust enough backup systems. Even then, that is not a slam dunk anymore. Restore, but lose 12 hours of transactions.
"What do you mean we can't restore from a couple of hours ago?"
"Remember when we asked for a better backup system last year? The anemic IT budget approval cut that out."
Re: Re:
Re: Re:
They need to consider what is connected to what, and why.
Re:
Re: IT Does not control direction and budget