It sounds like the plot of a blockbuster movie: a metropolitan transit system is hit by a ransomware attack that freezes its entire ticketing infrastructure.
A message from the hacker is splayed across the terminals’ public displays: “You are Hacked. ALL Data Encrypted.”
But then, all of a sudden, the extortionist is infiltrated by a digital Robin Hood. Justice is served — the hacker gets hacked.
That’s the scenario that actually played out in San Francisco last week, when the computers at the San Francisco Municipal Transportation Agency (SFMTA) were taken over by a hacker. The hacker — who most blogs are referring to as “he,” but it very well could be “she” — encrypted their files, claiming to have compromised thousands of the transit system’s computers.
He demanded 100 bitcoins — roughly the equivalent of $95,000 — for the key to unlock the data and return control of the public ticket machines. He also posted his email address so transit administrators would know how to reach him for the ransom payment, but it wasn’t just the SFMTA who decided to look into the origins of the email account.
After reading the news about the attack, a security researcher, who has chosen to remain anonymous, decided to turn the tables on the hacker. Despite the high-tech nature of this particular breed of extortion and the hacker’s effort to anonymize his identity, the researcher gained access to the extortionist’s emails with a little bit of logic and luck.
All he did, according to the security blog Krebs on Security, was guess the answer to the hacker’s secret question, which then allowed him to reset the attacker’s email password. Once inside the attacker’s inbox, the researcher found records of ransomware attacks against multiple targets, dating all the way back to August.
Anyone can be a victim
Eventually, the SFMTA got everything back up and running (the FBI’s investigation is ongoing), and for most people, the hacking was little more than an amusing story. But there’s risk in thinking that only large organizations in big cities are being targeted for these kinds of attacks; in truth, anyone can become a victim, from an email user who clicks a misleading, infected email to a large organization with vulnerabilities somewhere in its digital infrastructure.
To a certain extent, the strategy of these criminals seems to be that if they cast a wide enough net, they’ll catch something. That’s why everyone needs to be vigilant, educated and mindful of this growing digital threat.
Just last week, students at Carleton University were being warned that some of the school’s computers had been infected by ransomware. Days later, Ryerson University, where I teach, was targeted. An email to university employees read that “an email claiming to contain an invoice was received and opened by a Ryerson employee,” and that when the file was opened, a message surfaced saying “the machine had been infected and encrypted files would be released in exchange for a ransom payment.”
That same day, I was contacted about a similar story of a ransomware attack — this time, against a small business in Newfoundland. All of this is to say, when it comes to the risk of ransomware, no one is immune. In their 2016 threats report, security firm McAfee projected that, “For the foreseeable future, ransomware will remain a major and rapidly growing threat, fuelled by anonymizing networks and payment methods.”
So what can you do to try to steer clear of this kind of online extortion? First and foremost, keep software current. Even some of the biggest corporations have made the mistake of failing to update their systems. An out-of-date system is more vulnerable to these kinds of breaches, and software updates usually contain security patches.
Back up your devices
There are also products on the market that can help guard against malware attacks, but there is another step you can take right this very moment: back up your devices. Ransomware attacks encrypt data and hold your files hostage for ransom. But if you have a copy of your files, you don’t need to pay hackers to get them back. You just need to restore your files, reset your passwords and run a software update to secure any vulnerabilities.
That’s how the San Francisco transit department — who say they never had any intention of paying the ransom — got their happy ending: an information technology team restored their system from backed-up files, and the SFMTA was able to shrug off the hacker’s threat. And like all great blockbusters, the villain lost out.