A discussion of a recent ransomware attack at the San Francisco Municipal Transportation Agency and the curious events that unfolded afterwards.
These days, it is not uncommon to read about yet another business or organization falling victim to the devastating effects of a cyber attack. Case in point: in November, the San Francisco Municipal Transportation Agency was the victim of a ransomware attack that caused fare station terminals to all display an ominous message. What happened next, though, makes this one of the more unusual cyber events in recent memory.
In late November, SFMTA was hit by a ransomware attack that caused all fare terminals to display the same message: “You are Hacked. ALL Data Encrypted.” This is nothing new, but what makes this situation so unusual is that the person behind the initial ransomware attack was hacked himself. In the process, details were revealed not only about other victims, but also about who he really is and where he is located.
Problems for this would-be hacker began when he left an email address for SFMTA to use to make contact with him. The address, firstname.lastname@example.org, could be used to pay the approximately $73,000 ransom and obtain the keys necessary to decrypt all of the station’s files.
However, a few days later security researchers were contacted by someone who claimed to have hacked that cryptom27 email address after reading a news article about the San Francisco Rail System situation. The original hacker’s inbox was breached by simply guessing the answers to his security questions. His email password was then reset, giving the second hacker complete access.
The information obtained during this second breach is very valuable for those who wish to avoid falling victim to similar attacks in the future. It was learned that the average extortion attempt for this person ranged between $45,000 and $70,000 or more and that he had even recently breached a manufacturing firm based in the United States. He was also in the habit of switching Bitcoin wallets every few days, rarely going more than a week or two without making the change.
Security is Important For Hackers, Too
All told, this person was smart enough to extort approximately $140,000 from victims over the years. Yet at the same time, he fell prey to something that is one of the most common blunders in the world of cyber security: using password or security question information that is too easy to guess.
In the end, the curious case of the San Francisco Rail System hack should serve as a valuable lesson about the current state of cyber security. Regardless of how hard you may try or how many precautions you may take, NOBODY out there is safe from hackers – even people who may be doing a little hacking themselves. This is one lesson that the SFMTA attacker likely won’t soon forget. As of December 2016, the original hacker has yet to be brought to justice. However, with the amount of personal information that is now known about him, he’s no doubt having trouble sleeping at night.