Muni Braced for $50,000 Ransomware Hit

San Francisco’s Municipal Transport Agency (SFMTA) expects to have suffered a $50,000 hit in lost fares over the weekend it was struck by a major ransomware attack, in yet another example of the financial repercussions of critical security gaps.

‘Muni’ officials claimed on Friday that the network usually brings in around $120,000 in fares on a weekend day.

However, the agency was forced to open the fare gates after it discovered the attack, in case the hacker was still inside the network and able to harvest passengers’ financial information, according to the San Francisco Chronicle.

With the gates open for at least a full day, that meant a hefty hit to Muni profits.

The attack was discovered on the evening of November 25. Around 900 office computers were taken out of action, with the following message clearly visible on some:

“You Hacked, ALL Data Encrypted. Contact For Key(cryptom27@yandex.com)ID:681.”

Muni refused to pay the 100 Bitcoin ($75,000) ransom to regain access to its systems, as it had backed up key data in line with security best practice.

However, the outage highlights again that any security event – particularly one with a severe operational impact like ransomware – will have a financial impact on the victim organization.

The SFMTA was charging customers again by the Sunday and had completed restoring office PCs by Monday, it claimed, but it will have to absorb the cost of remediation and clean-up on top of the lost passenger revenue.

Muni officials held firm despite threats by the hacker to release sensitive passenger information if the agency didn’t comply.

Law enforcers always urge organizations not to pay the ransom. Research from Trend Micro in the UK in September claimed that one in five victims that paid up over the past year didn’t even get their data back.

Alex Cowan, founder of security start-up Razor Secure, argued that the transport sector is particularly at risk of attack given the distributed nature of its IT assets and infrastructure.

“Security vulnerabilities exist in the most unlikely places throughout all transport networks and since these networks are by definition on the move and distributed, they can be much harder to protect,” he explained.

“They are characterized by weakness. Attacks on ‘non-critical’ networks, such as entertainment systems or passengers’ Wi-Fi, may seem no more than inconvenient at the time but they can be a path to much greater access for the hacker.”
