People using San Francisco's Muni public transportation, which consists of buses, streetcars, Metro light rail and cable cars, rode for free over the holiday weekend. [...] Some of those people thought the free rides were part of a Thanksgiving gift or "Black Friday deal," but anyone who happened to glance at San Francisco Muni station computer screens knew better. On Friday and Saturday, the screens all displayed:
You Hacked, ALL Data Encrypted, Contact For Key(cryptom27@yandex.com)ID:681 ,Enter Key.
[...] SFMTA spokesman Paul Rose said the hack was discovered on Friday, but all fare machines were back to normal on Sunday. The "Muni subway fare gates were locked in an open position and could not be electronically closed;" Rose claimed the fare gates were intentionally opened to promote free Muni service.
It was not a targeted attack, according to the San Francisco Examiner. After the news outlet contacted the Yandex email address listed in the ransom note, someone going by "Andy Saolis" claimed the ransomware "infected an admin level computer after someone at SFMTA downloaded a torrented computer file, a software keycode generator."
(Score: 0) by Anonymous Coward on Tuesday November 29 2016, @05:58AM
On the one hand, paying the ransom for decryption is the easy way out, especially if you can afford it.
On the other hand, the attacker cannot be trusted on principle, might take your money and run, and could launch further attacks for spite.
(Score: 2) by charon on Tuesday November 29 2016, @06:09AM
(Score: 2) by Scruffy Beard 2 on Tuesday November 29 2016, @06:11AM
In an ideal world, off-site, off-line, verified backups would solve the problem.
(Score: 3, Funny) by Anonymous Coward on Tuesday November 29 2016, @06:17AM
The same ideal world where frictionless spherical cash cows give basic income?
(Score: 2) by kazzie on Tuesday November 29 2016, @07:15AM
Hey, don't give away all my business secrets!
(Score: 0) by Anonymous Coward on Tuesday November 29 2016, @07:44AM
I have been hacked too, most likely by JavaScript on an ad. That was several years ago. You guys saved my ass on that one.
Since then it's NoScript, and if MalwareBytes couldn't clean up the mess, CloneZilla.
I had backups and it took me several days to recover most everything. Now, using the wisdom some of you shared with me, if it should happen again, I will be down less than an hour - thanks to CloneZilla, where the disk images mean I won't have to re-install and get authenticated on everything again.
Personally, this kind of thing is do-able for me, but should I have this happen to me in the corporate world, where other people have to be involved - especially non-technical types whose expertise is in leadership, not technical stuff, I could see where this kind of thing could be a major undertaking. I have been there, done that, where minor snags turn into multimillion-dollar fiascos, eventually solved by the leadership skills of throwing a helluva lotta money (provided by investors) at the problem, earning substantial bonuses for the leadership team in the process.
No wonder our computational infrastructure is in such an untrustworthy mess when the people running the show seem to be paid by the fuchup.