San Francisco Transport Network Hacker Gets Hacked

A San Francisco Municipal Railway train drops off passengers in a San Francisco neighborhood, March 1, 2010 REUTERS/Robert Galbraith

A hacker who held San Francisco's light railway system ransom with malicious software has themselves been hacked, uncovering details of several other companies being extorted.

The San Francisco Municipal Transportation Agency (SFMTA) was targeted with ransomware—malicious software that blocks computer systems until a sum of money is paid—last week, resulting in some passengers travelling for free over the weekend.

"The SFMTA was a victim of a ransomware attack," Kristen Holland, a spokesperson for the SFMTA, said in a statement on Monday. "This cybercrime disrupted some of our internal computer systems, including email.

"The system is now contained, and we have prioritized restoring our systems to be fully operational."

The hacker responsible left a message on computer screens at stations that stated: "You Hacked," along with an email address through which the hacker could be contacted in order to pay the ransom. It was this email account that another hacker was able to break into.

The SFMTA never considered paying the ransom as it had a backup system that allowed most affected computer systems to be restored, but data from the hacker's breached email suggests other organisations were not so fortunate.

The victims were mostly manufacturing and construction firms based in the U.S., according to cybersecurity expert Brian Krebs, who was shown the hacked emails by the second hacker, who came forward on condition of anonymity.

Among the victims was China Construction of America, which paid 24 bitcoins ($17,544) on Sunday, November 27, after negotiating down from the original demand of 40 bitcoins.

"The data leaked from this one actor shows how successful and lucrative ransomware attacks can be, and how often victims pay up," Krebs said in a blogpost. "As the SFMTA's experience illustrates, having proper and regular backups of your data can save you bundles…But unsecured backups can also be encrypted by ransomware."