Riders using San Francisco’s Municipal Railway (MUNI) got an unexpected Thanksgiving gift on Black Friday, when they discovered “Out of Service” and “Metro Free” signs posted on ticket machines that afternoon and Saturday. It appears that MUNI’s computerized fare system was the victim of a ransomware attack that ultimately forced it to shut down.
Like most ransomware, it appears a hacker has encrypted MUNI’s files and is demanding payment to get a key to unlock them. If there was any doubt as to the cause, the computer screens at MUNI stations reading “You Hacked, ALL Data Encrypted. Contact For Key(firstname.lastname@example.org)ID:681 ,Enter” should answer those questions. So far a spokesman has been reluctant to give out much information, but did give assurances that they are working to resolve the situation. Not that commuters are complaining about the free rides.
A hacker going by the same handle has been linked to the malware strain Mamba that has similar fingerprints as the one used in the MUNI attack, but this isn’t the only high-profile ransomware attack in California this year. In February, Hollywood Presbyterian Medical Center was locked out of their files by a group demanding $3.6 million to regain access.