For all Muni Metro passengers knew, the free rides they were getting Friday night and Saturday were a holiday gift from the transit system. Little did they know Muni was under attack from a hacker trying to squeeze $73,000 in ransom to unlock the agency’s computer systems.
Muni refused to pay up. Instead, officials shut down the system’s ticket machines, threw open the fare gates as a precautionary move, and contacted the Department of Homeland Security and their own technology division to contain the attack, they said.
“Considering paying that ransom was never an option,” said Paul Rose, an MTA spokesman.
I like the sound of that.
The anonymous hacker used a ransomware attack — malicious software sent via email — to lock up employee computers at 900 workstations, shut down Muni’s email system and knock out the time-tracking portion of its payroll system, Rose said.
The hacker displayed messages on otherwise dark computer screens declaring “You hacked,” and asking for 100 bitcoins, a digital currency, or about $73,000. Muni never communicated nor negotiated with the hacker, Rose said. Instead, Muni officials relied on advice from federal officials and a backup system to restore the network.
Apparently the attack didn’t reach the Muni control systems or customer records; the hacker supposedly announced that he had customer records, but Muni says no chance.