Description
Over the holiday weekend, the San Francisco Municipal Transportation Agency fell victim to a ransomware attack. It locked up Muni’s public transportation ticket machines, resulting in free rides on trains and city buses. It was reported that the ransomware demanded $73,000 in exchange for giving back Muni’s data, but the transportation agency avoided paying the ransom and was able to restore its systems.
According to reports, the ransomware extortion message was visible at multiple Muni train station booths and read “You Hacked, ALL Data Encrypted.” It also gave an email address (cryptom27@yandex.com) that has been tied to a ransomware family known as HDDCryptor.
Like another ransomware called Petya, which we wrote about here, HDDCryptor is another variant that rewrites the computer’s master boot record boot sectors and locks the victim out of their computer.