Muni First Targeted By Ransomware, Now Faces Extortion Demand By Same Hackers

The big news over the weekend was how San Francisco’s municipal transit system has been affected by a major ransomware attack. Although most details remain hard to come by, it is quite evident that the people behind this attack are dead serious about their attempts. After demanding a 100 Bitcoin ransom, which probably won’t get paid, the hackers now threaten to dump 30GB of stolen information.

Ransomware Attack Turns Into A Potential Data Leak

Demanding US$73,000 worth of Bitcoin for a ransomware infection is not entirely surprising these days. Large companies and public transportation services are a prime target for Internet criminals. Not all of these attempts are successful every time, but in the case of this Muni attack, there is a lot at stake.

While the public transit system is dealing with this ransomware attack, passengers can just hop on rides without having to pay. This has cost Muni several thousands of dollars in fares over the weekend already, and this problem will remain until they can fully restore computer access. That process can take anywhere from a few days to multiple weeks, though.

The hackers, however, are not waiting around for their money, as they have issued a new threat to Muni. Allegedly, the criminals obtained roughly 30GB of databases and documents containing customer and employee data. If the payment is not made in the coming few days, all of that information will be released to the public. For the municipal transit system, that is the last thing they need right now.

What is rather intriguing is how the hackers feel that Muni has “to do the right job”. This is a rather odd statement, which leaves plenty of room for speculation. The fact that the public transport system got infected with ransomware is already worrisome enough, but having stolen data leaked on top of that is only making things  worse.

Companies need to pay much closer attention to their security measures, which are far too often inadequate. Considering how the hackers claim to control 2,000 of Muni’s systems, there could be some truth to their bold statements, assuming that there is any truth to their claims. Given the fact that all network computers are virtually locked and encrypted, it is difficult to prove otherwise right now.

The bigger question is whether or not the hackers will go ahead with their claims and release the databases to the public. If they do so, they will lose a significant portion of their leverage, which would not be in their best interests. Then again, they know that the Muni network is vulnerable to third-party attacks, and they may have the tools to conduct even more damage over the next few months.

If you liked this article, follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin, cryptocurrency, and technology news.