A major ransomware attack on the San Francisco transport system saw passengers travel for free after hackers demanded $70,000, or 100 bitcoin.
Ransomware attacks have reached fever pitch in the US, but this is the first time that an entire city transport system has been held for ransom.
As a precaution, staff at the San Francisco Municipal Transport Agency shut off the ticketing systems across the city’s light rail system, the Muni.
It is understood that the attackers used a variant of the HDDCryptor malware to infect 2,112 computers at the weekend, encrypting the data on the machines and preventing them from operating as normal.
Every computer had a black screen with a ransom note written across it, stating: “You Hacked, ALL Data Encrypted. Contact For Key (firstname.lastname@example.org)ID:681, Enter.”
In a statement given to online tech site The Verge, the hackers said: “We don’t attention to interview and propagate news ! our software working completely automatically and we don’t have targeted attack to anywhere ! SFMTA network was Very Open and 2000 Server/PC infected by software ! so we are waiting for contact any responsible person in SFMTA but i think they don’t want deal ! so we close this email tomorrow!”
The scourge of ransomware
A report in August from IT security player Malwarebytes indicated that almost 40pc of enterprises have been hit by some form of ransomware in the past 12 months.
Almost half of the attacks originated from email phishing attacks and more than 40pc of those hit by attacks paid out.
Last year, Cisco, with the help of Level 3 Threat Research and Limestone Networks, identified the largest Angler exploit kit operation in the US, which targeted 90,000 victims every day and generated tens of millions of dollars a year by demanding ransoms off victims.
Cisco estimates that, currently, 9,515 users in the US are paying ransoms every month, amounting to an annual revenue of $34m for certain cybercrime gangs.