San Francisco MTA Forced To Give Free Rides After Network Infected With Ransomware
from the pwned dept
We’ve noted consistently how the medical industry has become a hotbed of ransomware attacks thanks to too many incompetent IT administrators, and too many hardware vendors for which security is a fleeting afterthought. In fact, hospitals are now seeing more than 20 ransomware attacks a day; attacks that in many instances have forced the cancellation of scheduled surgeries and wreaked havoc on the day-to-day operations of many in the healthcare sector.
But security incompetence isn’t restricted just to the healthcare industry. Last week, the San Francisco mass transit system learned this the hard way when hackers effectively took over transit systems used by the San Francisco Municipal Transit Agency, infecting them with ransomware and refusing to return control unless the city was willing to pay $73,000 in bitcoin. The hack hasn’t just disabled the city’s transit systems, but apparently has crippled the SF MTA’s payroll systems, email servers, Quickbooks, NextBus operations, various MySQL database servers, and staff training and personal computers for hundreds of employees.
All told, it’s believed that hackers compromised about 2,112 of the 8,656 computers attached to the SF MTA’s network. As a result, the city had to simply unlock all turnstiles and let riders ride the system for free as it tried to climb out from underneath the mess:
.@sfmta_muni giving free rides today because hackers shut down the computer system. Employee computers showing this pic.twitter.com/fvVnUayWVG
— KPIX 5 (@CBSSF) November 27, 2016
Like most ransomware attacks, the SF MTA is being told to make a payment to an anonymous bitcoin wallet if they want the key to decrypt compromised data on its hard drives:
“if You are Responsible in MUNI-RAILWAY ! All Your Computer?s/Server’s in MUNI-RAILWAY Domain Encrypted By AES 2048Bit! We have 2000 Decryption Key ! Send 100BTC to My Bitcoin Wallet , then We Send you Decryption key For Your All Server’s HDD!! We Only Accept Bitcoin , it?s So easy! you can use Brokers to exchange your money to BTC ASAP it’s Fast way!”
The SF MTA’s backups don’t appear to have been impacted, so it should be able to save at least some data (depending on how old they are). But local San Francisco news outlets say that SF MTA employees aren’t sure they’ll be getting paid this week, and the agency stands to lose around $559,000 per day for as long as it’s forced to suspend charging fares. All told it’s just another reminder that we have a lot of work to do securing necessary and highly vulnerable domestic infrastructure before we get too busy internationally expanding the cyber.
Filed Under: encryption, malware, ransomware, san francisco, sf muni
Companies: sfmta
Comments on “San Francisco MTA Forced To Give Free Rides After Network Infected With Ransomware”
Is DR ready!!!???
We are about to find out!
"All your networks are belong to us, make your payments."
"if You are Responsible in MUNI-RAILWAY ! All Your Computer’s/Server’s in MUNI-RAILWAY Domain Encrypted By AES 2048Bit! We have 2000 Decryption Key ! Send 100BTC to My Bitcoin Wallet , then We Send you Decryption key For Your All Server’s HDD!! We Only Accept Bitcoin , it’s So easy! you can use Brokers to exchange your money to BTC ASAP it’s Fast way!"
Ah engrish at it’s finest, for when you want to hold a city’s transportation system for ransom but don’t actually have the time to put together a decently translated ransom demand.
I especially like how the last two sentences almost read as an advertisement for bitcoin. ‘It’s so easy! you can use Brokers to exchange your money to BTS ASAP it’s Fast way!‘, like they’re just so enthusiastic about bitcoin that they couldn’t help but gush about it a bit, even as they demand money.
Another angry leftist rant?! How dare you think we should take security seriously?? What’s next, socialism??
Re: Re:
Indeedy! Let the market sort it out. 😛
When there isn’t a problem: “What are we paying IT for?”
When there is a problem: “What are we paying IT for!?”
Re: Re:
Some IT person there sent his boss that email he got from his boss long ago where the boss denied the requisition for improved backups.
Re: Re: Re:
um, actually, no he didnt.. email was also compromised / snarc
Gee, perhaps maybe someone should question why these critical systems are connected to the interwebs given the current climate.
There are so many cases now where horrible outcomes are possible. (Sorry we closed our OR because Becki in HR thought that flash update was needed to see the awesome kitten video.)
The government can’t seem to do much but stick the word cyber infront of every 4th word, try and panic people. They can’t even manage to issue a press release with actual advice like, DISCONNECT IT FROM THE FUCKING NET!
IT guys have been mentioning all of these problems, but someone decided that if the CEO wants to be able to hit a button and see things… it has to happen. In the past it was cheap to pay for credit report monitoring for those you failed to protect, but now… they are demanding real money to give you back your files… that they probably downloaded before encrypting for a secondary payday.
So all of those fancy salesmen who sold you this awesome cloud solution… did they include free decryption services?
Re: Re:
So they can do things like process credit card payments and get schedule information. The internet is how we transfer information these days, and designing a computer system whose security depends on a lack of connection is exactly the wrong thing to do. This is a large network of computers, and at least one will eventually be connected to the internet by accident or necessity. The systems should assume a hostile network.
Simply connecting something to the internet is rarely a problem. (I.e., it’s been a while since a TCP/IP stack has had some bug allowing code execution.) There’s probably some default password or unnecessary & insecure service, or there’s a single access token that can and did compromise the whole system.
Re: Re: Re:
Processing credit cards makes sense for that system to have net access… they can’t do payroll now.
They need to consider what is connected to what, and why.
Cyberpunk is now just reality.
Send in the drones
Trump will fix it. He will get the NSA to locate the cyber hacker and send in an air strike.
Re: Send in the drones
He doesn’t need the NSA for that. He can just pick his favorite target of the week, blame them and call up the generals.
I wonder where Terry Childs is now.
thanks to too many special snowflake MDs, RNs, CxOs, and VPs of sanitary receptacles that refuse to let IT do even the most basic controls and security and cut the budget for that backup system every year to use that money for VIP bonuses.
FTFY
IT Does not control direction and budget
Snowflake Execs is right. The days of IT being able to control policies and direction are long past and it is execs that set the tone and security stance of an organization and what will be allowed and what won’t. “We have to let zip files through . . . .”
Oh, and just try to get the budget and resources for enough staff, much less good security solutions – including robust enough backup systems. Even then, that is not a slam dunk anymore. Restore, but lose 12 hours of transactions.
“What do you mean we can’t restore from a couple of hours ago?”
“Remember when we asked for better backup system last year? The anemic IT budget approval cut that out.”
Re: IT Does not control direction and budget
He who goes cheap on the IT and staff suffers for it later.