The San Francisco Municipal Transportation Agency (SFMTA) was hit with a ransomware attack on Friday, causing fare station terminals to carry the message, "You are Hacked. ALL Data Encrypted." Turns out, the miscreant behind this extortion attempt got hacked himself this past weekend, revealing details about other victims as well as tantalizing clues about his identity and location.
On Monday, KrebsOnSecurity was contacted by a security researcher who said he hacked this very same cryptom27@yandex.com inbox after reading a news article about the SFMTA incident. The researcher, who has asked to remain anonymous, said he compromised the extortionist's inbox by guessing the answer to his secret question, which then allowed him to reset the attacker's email password. A screen shot of the user profile page for cryptom27@yandex.com shows that it was tied to a backup email address, cryptom2016@yandex.com, which also was protected by the same secret question and answer.
Live by the hack, die by the hack.
(Score: 2) by darkfeline on Sunday December 04 2016, @10:29PM
Yeah, information like that the hacker uses multiple email accounts and bitcoin wallets, rotating them regularly. Also, the hacker has made a lot of money and he uses a number of pseudonyms. Maybe he's from Russia or the Middle East.
Fucking incredible, mark that as a victory for the good guys, am I right?
Join the SDF Public Access UNIX System today!