The San Francisco Public Transit Ransomware Attack: What We've Learned

A recent cybersecurity incident on the West Coast is a reminder that anyone can be hit by a cyberattack. During the Thanksgiving weekend, the San Francisco Municipal Transportation Agency, sometimes called Muni or SFMTA, was the victim of a ransomware attack that affected internal computer systems including email and ticketing.

The hacker's goal was to extort 100 bitcoins ($73,000) from the SFMTA for the release of its systems. While the SFMTA denied paying the ransom and restored its systems on its own, it's important to note that network security insurance can insulate businesses and organizations against incidents of cyber extortion as seen here.

While Muni has declined to release any additional information about its infected computers at this time, here is what we already know:

All Your Data Belongs to Us

On Black Friday, Muni station agents entered their booths and offices to find a cryptic message blocking access to their computer screens: "You Hacked, ALL Data Encrypted," along with an email address and a promise to return access once the payment was made.

The malware infected about 2,000 of SFMTA's 8,000 computer systems and gained access to physical ticketing machines, forcing Muni to offer free rides to its passengers over the Thanksgiving weekend. Additionally, Muni bus drivers resorted to using hand-written route assignments.

The alleged hacker, identifying himself as "Andy Saolis," locked SFMTA's systems using a complex form of computer encryption. While encryption is typically used to protect transfers and communications between devices, cybercriminals can employ the technique to lock out legitimate users until they pay for the key to their own network.

By Sunday, Muni systems were restored and an official statement was released:

"Transit service was unaffected and there were no impacts to the safe operation of buses and Muni Metro. Neither customer privacy nor transaction information were compromised. The situation is now contained, and we have prioritized restoring our systems to be fully operational."

However, some security experts worry that employee data may have been lifted or that the malware is still infecting some computers. In short, the results of this hack are yet to be revealed. Worse, the agency is expected to lose approximately $559,000 for each day it was unable to collect fares.

Coverage You Can Trust

This is not the first time a transit network has been hacked. In the past few years, similar incidents have occurred in Poland, Boston and New Jersey, sometimes resulting in derailed vehicles.

While SFMTA credits in-house staff with recovering its systems, some companies won't be so lucky, as malicious and crafty hackers can starve SMBs until they pay up. Believe it or not, the FBI recommends that users fork over the cash if their devices are infected with ransomware.

Thankfully, network security insurance policies provided by cyber insurance companies like CyberPolicy can safeguard small businesses against extortion. To help our customers tackle the risk of doing business online, we also offer insurance coverage for data breach, identity recovery, computer attack, network security and electronic media liability.

Interested in learning more? Visit CyberPolicy today to secure your business.
