SF Muni Hacker Threatens To Release Stolen Data


San Francisco’s Muni public transit system was hacked over the weekend. The hacker used a type of software called “ransomware” that takes control of computer systems until a ransom is paid. Now, the hacker in question says if he’s not paid he will release some 30GB of stolen transit data.

Reports of the hack first emerged on SFGate.com over the weekend. Then, on Sunday, the San Francisco Municipal Transportation Agency confirmed in a blog post that the Muni computer systems had been attacked. The hacker has demanded 100 bitcoins (approximately $73,000) to return the systems to regular use, but according to SFMTA’s post, the situation was already contained by Sunday. Muni has been offering free rides to users while the agency gets the ticketing system back online.

In an email to Salted Hash, the hacker said that he had compromised not only the ticketing machines but also SFMTA’s email systems. The hacker is giving the agency until Friday to pay the ransom.

The use of ransomware for cyber attacks is growing. Unlike other forms of cyber attack where IT shops can restore systems using a clean backup version, ransomware takes control of the computer’s hardware in such a way that replacing hard drives may be required if the victim does not agree to pay the ransom.

Requests to SFMTA for an update on whether the agency has started replacing hardware have not been returned as of this writing.

The attack is being investigated by local law enforcement. It is unclear what the total costs to SFMTA will be if the agency has to replace hardware. The hacker claims more than 2000 sites were compromised, including ticketing machines, laptops, servers and other devices.

Morphus Labs reported in September that it had seen a version of this type of ransomware in the wild already, dubbing it “Mamba”.