Trainspotting: Hackers Attack the Sacramento Transit System

It's a common scam that goes by many names. In mob movies like The Godfather or Good Fellas, it's referred to as a 'shakedown' or 'protection money.' In the corporate world, it's known as 'extortion' and 'blackmail.' But in the realm of cybersecurity, it's most commonly referred to as 'a ransom payment.'

Below, CyberPolicy examines the ransomware attack that hit computers at the Sacramento Regional Transit system (SacRT) in late November. If you want to protect your business from cyber scams and shakedowns, you need to invest in cybersecurity insurance.

Cybersecurity insurance protects businesses from the financial damages brought on by criminal hackers. Make the smart choice and find a cybersecurity insurance provider right for you – before it's too late.

The Modern Train Robbery

On Saturday, November 18th, a strange message popped up on the SacRT homepage. \"I'm sorry to modify the home page, i'm good hacker, i I just want to help you fix these vulnerability. This is one of the loopholes, modify the home page ..,"\" it read, reports the Sacramento Bee.

Believe it or not, this behavior is pretty typical of cyber crooks. Not only do hackers consider themselves testers of cyber defenses; they also get a kick out of bad spelling and grammar.

But the problem wasn't just cyber vandalism. By the next day, the cyberattack had evolved into a ransomware scam. The offending malware started erasing data, threatening to do more damage unless victims paid a price—one bitcoin, to be exact. That's the equivalent of $8,000.

According to SacBee, \"The attack erased parts of computer programs on the agency's servers that affect internal operations, including the ability to use computers to dispatch employees and assign buses for routes.\" However, rail and bus services themselves were not affected.

The nefarious actor sent a Facebook message to SacRT that same day: \"hello, I will always attack your website, we are hackers. we can do everything. Pay us now to stop attacking.\" Fortunately, SacRT was able to restore its website in the days after. Although, the hacker was first able to destroy 30 million of the system's 100 million files.

This is hardly the first time this sort of thing has happened. CyberPolicy actually covered a similar attack on San Francisco Public Transit in late 2016.

There are some encouraging details in the Sacramento story though. First, SacRT was wise enough to intentionally shut down its payment processing systems. This helped protect consumer information from falling into the wrong hands. In fact, the organization said no information was stolen from its systems.

Another smart move by SacRT was to continuously back up its data. This helped the organization recover up to 80 percent of the data lost!

"Once fully restored, we intend to go through a deeper forensic look to make sure we didn't miss anything," says Operations Chief Mark Lonergan.

Despite the rather unsavory events, SacRT responded in the best way possible. This helped limit the fallout of the attack on the organization and their riders.

Are you ready to make the smart decision in the event of a cyberattack? CyberPolicy is happy to help you find the cybersecurity insurance provider right for your business. Explore your cyber insurance options today!

© 2016-2020 CyberPolicy, Inc. All rights reserved. CyberPolicy®, "Plan. Prevent. Insure."™, and "CyberCheckup"™ are trademarks of CyberPolicy, Inc.
DBA: CyberPolicy Insurance Solutions CA License No. 0L13180
DBA: CoverHound Insurance Solutions CA License No. 0H52375