Weekend of free rides follows ransomware attack on Bay Area transit
The San Francisco Municipal Transportation Agency is the latest of several institutions to experienced a ransomware attack on computer systems.
Muni riders and pedestrians brave the rain ino the Financial District of San Francisco on Friday, Oct. 14, 2016.
Karl Mondon/ San Jose Mercury News via AP/ File
San Francisco over the weekend became the latest city to have agencies hit with "ransomware" – a type of cyberattack that encrypts files, often refusing to decrypt them until hackers have received payment – continuing a trend of ransomware scammers targeting larger institutions.
The attack began on Friday and targeted computer systems associated with the San Francisco Municipal Transportation Agency's light rail system, affecting database servers, staff training records, emails, and even payroll systems. More thanÌý2,000 of the 8,656 computers that transportation agency uses were affected,Ìý, and hackers demandedÌýmore than $70,000Ìýin ransomÌý– a fee they are , Forbes reports, as the system is now back up and running.Ìý
Ransomware is "like a thief locking you out of your house and charging a fee to let you back in," Mahendra Ramsinghani, a Silicon Valley venture capitalist who invests in security companies, told the San Francisco Chronicle.ÌýInitial ransomware attacks may involve locking out a computer and displaying pornographic or otherwise embarrassing images until victims pay small sums such as $10, . In April, the Federal Bureau of Investigation estimated that in 2016, CNN reported.
Recently, such attacks have begun to spread to larger institutions and corporations. In February, the Hollywood Presbyterian Medical Center to a malicious ransomware attack which seized control of the hospital’s computer systems and denied hospital workers access until about $17,000 in bitcoin was paid.
In March,Ìýransomware hackers launched an attack on MedStar Health, a network of 10 hospitals in the Baltimore-Washington, D.C., area. And in June the University of Calgary announced that itÌý to recover emails that had been encrypted for a week in a ransomware attack.ÌýSimilar attacks have taken place against aÌýÌýin Indiana and, this week, oneÌý.
The most recent attack on the SFMTA shut down payment kiosks city-wide and displayed a message that read "You Hacked, ALL Data Encrypted" on agency computers. The attack effectively shut down access to the computer network, forcing officials to allow commuters free access to the city’s public transit system.
"There's no impact to the transit service, but we have opened the fare gates as a precaution to minimize customer impact," agency spokesperson Paul Rose told the . "Because this is an ongoing investigation it would not be appropriate to provide additional details at this point."
However, the incidentÌýleft some passengers and employees nervous about the potential implications.
"I think it is terrifying. I really do," one passenger told CBS on Saturday. "I think if they can start doing this you know here, we're not safe anywhere."Ìý
Meanwhile, transit employees questioned whether the agency would be able to access their systems in order to make payroll this week.ÌýAs of Monday, however, online systems were back up and running, according to Forbes.
On Sunday, Mr. Ramsinghani, who said such ransomware attacks are rare for transit agencies, urged staff to be transparent about the ongoing investigation.Ìý
"It is the duty of an agency such as SFMTA/Muni to inform people of what they have discovered," Ramsinghani told the Chronicle. "The fact that they have not stated anything tells me that there could be something deeper."