We’ve noted consistently how the medical industry has become a hotbed of ransomware attacks thanks to too many incompetent IT administrators, and too many hardware vendors for which security is a fleeting afterthought. In fact, hospitals are now seeing more than 20 ransomware attacks a day, attacks that in many instances have forced the cancellation of scheduled surgeries and wreaked havoc on the day-to-day operations of many in the healthcare sector.
But security incompetence isn’t restricted just to the healthcare industry. Last week, the San Francisco mass transit system learned this the hard way when hackers effectively took over transit systems used by the San Francisco Municipal Transit Agency, infecting them with ransomware and refusing to return control unless the city was willing to pay $73,000 in bitcoin. The hack hasn’t just disabled the city’s transit systems, but apparently has crippled the SF MTA’s payroll systems, email servers, QuickBooks, NextBus operations, various MySQL database servers, and staff training and personal computers for hundreds of employees.
All told, it’s believed that hackers compromised about 2,112 of the 8,656 computers attached to the SF MTA’s network. As a result, the city had to simply unlock all turnstiles and let riders ride the system for free as it tried to climb out from underneath the mess:
[Embedded tweet: KPIX 5 (@CBSSF), November 27, 2016]
As in most ransomware attacks, the SF MTA is being told to make a payment to an anonymous bitcoin wallet if it wants the key to decrypt compromised data on its hard drives:
“if You are Responsible in MUNI-RAILWAY !
All Your Computer’s/Server’s in MUNI-RAILWAY Domain Encrypted By AES 2048Bit!
We have 2000 Decryption Key !
Send 100BTC to My Bitcoin Wallet , then We Send you Decryption key For Your All Server’s HDD!!
We Only Accept Bitcoin , it’s So easy!
you can use Brokers to exchange your money to BTC ASAP
it’s Fast way!”
The SF MTA’s backups don’t appear to have been impacted, so it should be able to save at least some data (depending on how old they are). But local San Francisco news outlets say that SF MTA employees aren’t sure they’ll be getting paid this week, and the agency stands to lose around $559,000 per day for as long as it’s forced to suspend charging fares. All told, it’s just another reminder that we have a lot of work to do securing necessary and highly vulnerable domestic infrastructure before we get too busy internationally expanding the cyber.