San Francisco’s Muni transit system was reportedly hit by ransomware since Friday, leading to the message “You Hacked, ALL Data Encrypted” being displayed on the computer screens at stations, according to newspaper reports.
The message asked that cryptom27 at yandex.com should be contacted for the key to unlock the data.
Fare payment machines at stations also displayed that they were “out of service,” and San Francisco's Municipal Railway, widely known as Muni, was allowing free rides on its light-rail vehicles as it was unable to charge customers, according to the Examiner.
The San Francisco Municipal Transportation Agency could not be immediately reached for comment on Sunday.
The ransomware is believed to be a variant of HDDCryptor, which uses commercial tools to encrypt hard drives and network shares, according to CSO’s Salted Hash. Trend Micro said in September that the malware is a threat both to consumers and enterprises as it not only "targets resources in network shares such as drives, folders, files, printers, and serial ports via Server Message Block (SMB), but also locks the drive."
On Sunday, the San Francisco Examiner was reporting that the computer systems at the transit system had been restored following the Friday malware attack. It said that a person who may have spread the ransomware was demanding $73,000 from Muni to unlock its data.
It isn’t clear at this point whether the transit system paid up to unlock its data or took other measures. The bitcoin wallet the attacker referred to in email communications referenced by Salted Hash was still empty late Sunday, suggesting that no payment was made at least into that wallet.