Weekend of free rides follows ransomware attack on Bay Area transit

The San Francisco Municipal Transportation Agency is the latest of several institutions to experienced a ransomware attack on computer systems.

Karl Mondon/ San Jose Mercury News via AP/ File
Muni riders and pedestrians brave the rain ino the Financial District of San Francisco on Friday, Oct. 14, 2016.

San Francisco over the weekend became the latest city to have agencies hit with "ransomware" – a type of cyberattack that encrypts files, often refusing to decrypt them until hackers have received payment – continuing a trend of ransomware scammers targeting larger institutions.

The attack began on Friday and targeted computer systems associated with the San Francisco Municipal Transportation Agency's light rail system, affecting database servers, staff training records, emails, and even payroll systems. More than 2,000 of the 8,656 computers that transportation agency uses were affected, according to local news outlet Hoodline, and hackers demanded more than $70,000 in ransom – a fee they are unlikely to receive, Forbes reports, as the system is now back up and running. 

Ransomware is "like a thief locking you out of your house and charging a fee to let you back in," Mahendra Ramsinghani, a Silicon Valley venture capitalist who invests in security companies, told the San Francisco Chronicle. Initial ransomware attacks may involve locking out a computer and displaying pornographic or otherwise embarrassing images until victims pay small sums such as $10, according to the digital security agency Norton. In April, the Federal Bureau of Investigation estimated that ransomware demands could surpass $1 billion in 2016, CNN reported.

Recently, such attacks have begun to spread to larger institutions and corporations. In February, the Hollywood Presbyterian Medical Center fell victim to a malicious ransomware attack which seized control of the hospital’s computer systems and denied hospital workers access until about $17,000 in bitcoin was paid.

In March, ransomware hackers launched an attack on MedStar Health, a network of 10 hospitals in the Baltimore-Washington, D.C., area. And in June the University of Calgary announced that it had paid $16,000 to recover emails that had been encrypted for a week in a ransomware attack. Similar attacks have taken place against a county internet server in Indiana and, this week, one small-town Montana school system.

The most recent attack on the SFMTA shut down payment kiosks city-wide and displayed a message that read "You Hacked, ALL Data Encrypted" on agency computers. The attack effectively shut down access to the computer network, forcing officials to allow commuters free access to the city’s public transit system.

"There's no impact to the transit service, but we have opened the fare gates as a precaution to minimize customer impact," agency spokesperson Paul Rose told the local CBS affiliate. "Because this is an ongoing investigation it would not be appropriate to provide additional details at this point."

However, the incident left some passengers and employees nervous about the potential implications.

"I think it is terrifying. I really do," one passenger told CBS on Saturday. "I think if they can start doing this you know here, we're not safe anywhere." 

Meanwhile, transit employees questioned whether the agency would be able to access their systems in order to make payroll this week. As of Monday, however, online systems were back up and running, according to Forbes.

On Sunday, Mr. Ramsinghani, who said such ransomware attacks are rare for transit agencies, urged staff to be transparent about the ongoing investigation. 

"It is the duty of an agency such as SFMTA/Muni to inform people of what they have discovered," Ramsinghani told the Chronicle. "The fact that they have not stated anything tells me that there could be something deeper."

You've read  of  free articles. Subscribe to continue.

Dear Reader,

About a year ago, I happened upon this statement about the Monitor in the Harvard Business Review – under the charming heading of “do things that don’t interest you”:

“Many things that end up” being meaningful, writes social scientist Joseph Grenny, “have come from conference workshops, articles, or online videos that began as a chore and ended with an insight. My work in Kenya, for example, was heavily influenced by a Christian Science Monitor article I had forced myself to read 10 years earlier. Sometimes, we call things ‘boring’ simply because they lie outside the box we are currently in.”

If you were to come up with a punchline to a joke about the Monitor, that would probably be it. We’re seen as being global, fair, insightful, and perhaps a bit too earnest. We’re the bran muffin of journalism.

But you know what? We change lives. And I’m going to argue that we change lives precisely because we force open that too-small box that most human beings think they live in.

The Monitor is a peculiar little publication that’s hard for the world to figure out. We’re run by a church, but we’re not only for church members and we’re not about converting people. We’re known as being fair even as the world becomes as polarized as at any time since the newspaper’s founding in 1908.

We have a mission beyond circulation, we want to bridge divides. We’re about kicking down the door of thought everywhere and saying, “You are bigger and more capable than you realize. And we can prove it.”

If you’re looking for bran muffin journalism, you can subscribe to the Monitor for $15. You’ll get the Monitor Weekly magazine, the Monitor Daily email, and unlimited access to CSMonitor.com.