San Francisco's Muni subway was unable to take payments from travellers over the weekend after ransomware infected the network, costing the city thousands in lost revenues.
According to Motherboard, the free travel hack lasted all of Saturday, with every screen in the San Francisco's Municipal Transit Authority just displaying a "You Hacked" notice.
The San Francisco Municipal Transportation Agenc (SFMTA) has not commented on the situation with no refernece to the issues on its website.
Motherboard reports that the transport agency did cough something to local news, saying that it had left its gates open as "a precaution to minimise customer impact" while it was "working to resolve the situation".
An additional report on the Hoodline website claimed the SFMTA was offered a choice between a one-off payment of around $70,000 in Bitcoin, or an indeterminable period of downtime. With daily losses to the SFMTA estimated at $559,000 the organisation may well be tempted to pay.
SF light-rail is free as the MUNI agency deals w/ a ransomware outbreak. Pay $73,000 or risk losing $559,000 per day https://t.co/iZQU354tHk— Jeremiah Grossman (@jeremiahg) November 28, 2016
This would be a lot of money to anyone, and we can't see that any agency as large as this one would endure such an attack for long.
Hoodline says that it is someone using the name Andy Saolis was behind the attacks, although that is a name commonly used to when ransomware attacks are uncovered.
It says that the Muni system has been downed by HDDCryptor ransomware, which targets Windows machines. Victims are presented with an email address, contacting that address leads to a response.
This is the reported response: "If You are Responsible in MUNI-RAILWAY ! All Your Computer's/Server's in MUNI-RAILWAY Domain Encrypted By AES 2048Bit! We have 2000 Decryption Key ! Send 100BTC to My Bitcoin Wallet , then We Send you Decryption key For Your All Server's HDD!! We Only Accept Bitcoin , it's So easy! you can use Brokers to exchange your money to BTC ASAP it's Fast way!"
Other documents seen by Hoodline show that the hackers claim control of "payroll, email servers, Quickbooks, NextBus operations, various MySQL database servers, staff training and personal computers for hundreds of employees." In total it says, " the hackers claim to control 2,112 of SFMTA's 8,656 computer network."
The transport agency told Hoodline that "the incident remains under investigation, so it wouldn't be appropriate to provide any additional details at this point."
EE, O2, Vodafone, Three and Airspan open the bidding
Worried about data privacy? Here are several ways to secure your Facebook account
The ICO is seeking an urgent warrant to investigate a major data breach - everything you need to know as the story continues to unfold