There was chaos on the San Francisco public train network this weekend as passengers traveled for free after a major ransomware attack took computer systems offline.
Photos taken in some of the stations show screens belonging to employees of San Francisco's Municipal Railway (Muni) displaying the following message:
“You Hacked, ALL Data Encrypted. Contact For Key(cryptom27@yandex.com)ID:681.”
Ticket machines were out of service and barriers raised to allow passengers to travel free of charge following the attack on Friday, which is said to have taken out thousands of endpoint terminals and servers.
The hackers were apparently demanding 100 Bitcoins ($73,100) in return for the decryption key.
Jon Geater, Thales e-Security CTO, argued that robust cybersecurity techniques and trust management are essential to face down crises like this one.
“Cyber-security is not and cannot be a choice between ‘black and white’ or on and off – it’s about making an economic decision. This breach didn't directly take the barriers offline: the operator chose to turn them off and forego revenue, or catching fare cheats, in favor of protecting the wider system and possible further data losses,” he explained.
“Customers are likely to recognize this commitment and favor a company actively taking steps to protect its wider data eco-system.”
The past 12 months have been a busy time for ransomware writers.
The most recent stats from Check Point claim that volumes of the malware soared 13% from August to September, but worryingly, some AV tools are not doing their job.
Endpoint security firm Barkly claimed recently that 100% of organizations it spoke to who’d been hit by a successful ransomware attack in the past 12 months were running some kind of anti-virus software.
More concerning still is the fact that 43% of those firms didn't invest in any additional solutions following their ransomware infection.