San Francisco over the weekend became the latest city to have agencies hit with "ransomware" – a type of cyberattack that encrypts files, often refusing to decrypt them until hackers have received payment – continuing a trend of ransomware scammers targeting larger institutions.
The attack began on Friday and targeted computer systems associated with the San Francisco Municipal Transportation Agency's light rail system, affecting database servers, staff training records, emails, and even payroll systems. More than 2,000 of the 8,656 computers that transportation agency uses were affected, according to local news outlet Hoodline, and hackers demanded more than $70,000 in ransom – a fee they are unlikely to receive, Forbes reports, as the system is now back up and running.
Ransomware is "like a thief locking you out of your house and charging a fee to let you back in," Mahendra Ramsinghani, a Silicon Valley venture capitalist who invests in security companies, told the San Francisco Chronicle. Initial ransomware attacks may involve locking out a computer and displaying pornographic or otherwise embarrassing images until victims pay small sums such as $10, according to the digital security agency Norton. In April, the Federal Bureau of Investigation estimated that ransomware demands could surpass $1 billion in 2016, CNN reported.
Recently, such attacks have begun to spread to larger institutions and corporations. In February, the Hollywood Presbyterian Medical Center fell victim to a malicious ransomware attack which seized control of the hospital’s computer systems and denied hospital workers access until about $17,000 in bitcoin was paid.
In March, ransomware hackers launched an attack on MedStar Health, a network of 10 hospitals in the Baltimore-Washington, D.C., area. And in June the University of Calgary announced that it had paid $16,000 to recover emails that had been encrypted for a week in a ransomware attack. Similar attacks have taken place against a county internet server in Indiana and, this week, one small-town Montana school system.
The most recent attack on the SFMTA shut down payment kiosks city-wide and displayed a message that read "You Hacked, ALL Data Encrypted" on agency computers. The attack effectively shut down access to the computer network, forcing officials to allow commuters free access to the city’s public transit system.
"There's no impact to the transit service, but we have opened the fare gates as a precaution to minimize customer impact," agency spokesperson Paul Rose told the local CBS affiliate. "Because this is an ongoing investigation it would not be appropriate to provide additional details at this point."
However, the incident left some passengers and employees nervous about the potential implications.
"I think it is terrifying. I really do," one passenger told CBS on Saturday. "I think if they can start doing this you know here, we're not safe anywhere."
Meanwhile, transit employees questioned whether the agency would be able to access their systems in order to make payroll this week. As of Monday, however, online systems were back up and running, according to Forbes.
On Sunday, Mr. Ramsinghani, who said such ransomware attacks are rare for transit agencies, urged staff to be transparent about the ongoing investigation.
"It is the duty of an agency such as SFMTA/Muni to inform people of what they have discovered," Ramsinghani told the Chronicle. "The fact that they have not stated anything tells me that there could be something deeper."