San Francisco’s public transport agency suffered a crippling malware attack on Friday evening, as criminal hackers locked up its systems and demanded a ransom of 100 bitcoins over Thanksgiving weekend.
Passengers were allowed to ride the rail system for free as over 2,100 different computers were affected within the Municipal Transportation Agency’s colossal network, including ticket kiosks, office desktop computers, email servers and SQL databases.
According to passengers, screens briefly displayed a message from the hackers behind the infection: “You Hacked, ALL Data Encrypted, Contact For Key ([email protected]) ID:601.”
The lethal malware, a variant of a known strain called HDDCryptor, usually hits a system when an email or attachment hosting it is opened or downloaded. From there the malware gets to work, quickly encrypting hard drives and essential network files by generating random encryption keys. Newer versions of this malware also scramble the hard drive’s master boot record (MBR), holding the system hostage.
The extortionists behind the attack in San Francisco over the weekend demanded the equivalent of $73,000 be paid in bitcoins before they would free the network. The Yandex email address the hackers made appear on screen has been used in previous malware attacks. It offers each victim a personal ID through which to contact the malware gang.
Yandex is a Russian email provider, and journalists at The Verge who contacted the address reported that they had received the following response in broken English from those claiming responsibility:
“we don’t attention to interview and propagate news ! our software working completely automatically and we don’t have targeted attack to anywhere ! SFMTA network was Very Open and 2000 Server/PC infected by software ! so we are waiting for contact any responsible person in SFMTA but i think they don’t want deal ! so we close this email tomorrow!”
In a public statement to the press, Municipal Transportation Agency (SFMTA) spokesperson Paul Rose explained, “We are focused now on working to investigate the matter fully to find out all other details … [A]t this point there is no impact to transit service, to our security systems or to our customers’ private information.”
According to news site Hoodline, some ticket kiosks were back up and running by Sunday morning. In a statement, the SFMTA said, “The situation is now contained, and we have prioritized restoring our systems to be fully operational.”
The SFMTA has made no statements as to how this was achieved or whether officials had given in by simply paying the ransom. The downed network reportedly cost the city over $500,000 per day in uncollected fares.
David Gilmour is a reporter who specializes in national politics, internet culture, and technology.