San Francisco Transit Hack

A couple days back from the time of writing this, San Fransisco’s Municpal Transportation Agency declared the city’s “Muni” transit system was hacked. Thankfully the trains themselves were left unaffected but the computer systems themselves that manage the terminals, schedules, employee details etc, were attacked by a variant of ransomware taking the city systems hostage for about 73,000 USD (but wanting the currency in the more commonly used attack preference of bitcoin.)

According to a few officials, only a quarter (or about 2100 of 8700) systems were affected and that the city was able to confirm that their backups were left untouched. While investigation is still ongoing, some are citing the attackers stem from Russia following an email contact being in association with  “Yandex” or the Google of Russia. Others sources are also citing the malware was spread and initiated due to a tactic of spearphising amongst city employees who were tricked into opening either a deceptive email or website.

According to Kreb’s on Security The attacker also uses the pseudonym “Andy Saolis” and as implemented similar attacks and has successfully retrieved millions of dollars in Bitcoin payments since August of 2016. The attacker also typically uses a particular strain of ransomware such as MAMBA and HDDCryptor.

How To Protect  Oneself From Ransomware:

Unfortunately, Ransomware is a tricky devil of malware to deal with and often an uphill battle in ridding itself of it (Even already encrypted drives simply get re-encrypted further). It’s gotten to the point where even FBI agents have somewhat implied to Pay the ransom if troublesome. So what can one do?

  1. Keep updated backups in an offline and non-networked storage
    • Ransomware will target networked drives anyhow and encrypt them so make it as hard as possible for your system to be targeted
  2. Avoid  “sketchy” emails and weblinks and file extensions.
    • tag extensions such as .hta, .jpe and suspiciously named .ppt docx. files
  3. See if theres an unlocker program available if infected
    • some companies have begun to develop unlocking kits with some ransomware groups even have providing the keys to unlocking the encryption which is dutifully needed when deelign with asymettric encryption
    • Here is a list of commonly encrypted extensions
Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s