There is a surge in ransomware attacks and more often than not the hackers demand the ransom in bitcoin. Ransomware is a type of malicious software that blocks all access to computer systems until a sum of money is paid.
The latest victim of such an attack is the San Francisco Municipal Transportation Agency (SFMTA). The attack compromised office admin desktops, CAD workstations, email and print servers, employee laptops, payroll systems, SQL databases, lost and found property terminals, and station kiosk PCs, The Register reported. Out of roughly 8,500 PCs, Macs and other boxes on the agency’s network, 2,112 computers were reportedly infected.
The hack was carried out via a variant of the HDDCryptor malware, which infects a system after an employee accidentally opens an executable file in an email or downloads it. Once downloaded, the malware spreads out across the system.
HDDCryptor and its variants encrypt local hard drives and network-shared files and, where possible, overwrite the hard disks’ MBRs, preventing the systems from booting up properly. After SFMTA’s systems were infected, they were rebooted by the malware, which then displayed the message:
“You Hacked, ALL Data Encrypted, Contact For Key ([email protected]) ID:601.”
According to The Register, the hackers have demanded 100 bitcoins (approximately $73,000) to unlock the data. They have also offered to decrypt one machine for one bitcoin to prove that the system can be unlocked.
“If You are Responsible in MUNI-RAILWAY ! All Your Computer’s/Server’s in MUNI-RAILWAY Domain Encrypted By AES 2048Bit! We have 2000 Decryption Key ! Send 100BTC to My Bitcoin Wallet , then We Send you Decryption key For Your All Server’s HDD!! We Only Accept Bitcoin , it’s So easy! you can use Brokers to exchange your money to BTC ASAP it’s Fast way!”, the hackers’ message reads, as quoted by Hacked.com.
The Department of Homeland Security and the FBI are reportedly working on the case. Latest reports suggest that fare machines are back online, but the rest of the network still seems to be under the control of the hackers.