Image: Lowe Lugano / ShutterStock
Over the weekend, riders of San Francisco's municipal transit system (Muni) were allowed to travel for free because hackers had infected subway computers with ransomware. According to CSO Online, the attackers have demanded some $73,000 worth of bitcoin.
Now, the hackers have made a new threat: the release of 30GB of databases and documents belonging to the San Francisco Muni, including contracts and customer and employee data, if they don't receive payment.
“To Have More Impact to Company To Force Them to do Right Job!” the hackers, who used the moniker “andy saolis,” told Motherboard in an email exchange on Monday.
“Anyone See Something like that in Hollywood Movies But it’s Completely Possible in Real World!,” they added, presumably referring to the rather bizarre sight of a public transport system becoming infected with ransomware.
“It’s Show to You and Proof of Concept, Company don’t pay Attention to Your Safety!” they continued. The hackers claimed to have infected over 2,000 of Muni’s systems, including payment kiosks and email servers.
According to CBS San Francisco, which first covered the hack on Saturday, the message “You Hacked” has been scrawled across Muni station monitors.
A commentator on Bleeping Computer indicated that the same hackers may have hit another target in September, and CSO Online reported that the ransomware behind the attack is a variant of HDDCryptor. According to a Trend Micro report from September, this particular strain of ransomware is pretty aggressive, targeting drives, folders, printers, and serial ports.
The hackers' latest threat appears to be on top of their use of ransomware. Often, hackers will deploy one tactic or the other: either they will threaten a company with the release of internal data, or they will keep the victim's files locked down with malware. But seeing both in one go is fairly unusual.
However, it's not clear how many internal documents the hackers have actually stolen, if any. When asked several times to provide proof to back up their claims, the hackers told Motherboard they were still waiting for the company to contact them, and declined to send any sample files.
“we proof our capability before ! we don't want leak really but if they don't pay attention , it's will be our plan, [sic]” they wrote.
Update: This piece has been updated to clarify that the hackers are also threatening to release data about Muni customers.
from San Francisco Subway Hackers Now Threaten to Publicly Dump Data