Karma is a bitch. The hackers who infiltrated SFMTA’s computer system last weekend got hacked themselves, according to this Forbes story. After the Forbes reporter contacted the hacker via the email address in the hacker’s error message display, the reporter received a response from someone who claims to have taken over access of the account to turn the ransomware hackers over to the FBI.
The ransomware hackers had shown this message on Muni’s computer screens: “You Hacked, ALL Data Encrypted. Contact For Key([email protected])ID:681 ,Enter.” This allowed reporters to contact the hackers, and now the FBI is on the case, according to the Examiner.
In case you missed it this last weekend, a part of Muni’s computer network was held hostage last weekend when hackers demanded $73000 to be paid in order to release the files. You might have thought that the “Free Metro” signs was a Thanksgiving gift from Muni to you, but no, it was a bit of cyber criminal activity at work.
The hackers who gained access to the [email protected] email account showed Forbes that there is about $27,000 in the ransomeware hackers’ Bitcoin account, though we don’t know if the money came from previous ransomware sprees. However, we do know that none of it came from the SFMTA.
SFMTA’s Paul Rose had told the Examiner that they never considered paying the ransom, even though hackers had extended the deadline by five days.
“The primary impact of the attack was to approximately 900 office computers. The SFMTA’s payroll system remained operational, but access to it was temporarily affected. There will be no impact to employees’ pay,” SFMTA’s Kristen Holland said in an official statement. “The SFMTA network was not breached from the outside, nor did hackers gain entry through our firewalls. Muni operations and safety were not affected. Our customer payment systems were not hacked. Also, despite media reports – no data was accessed from any of our servers.” She also says that the SFMTA turned off the fare gates as a precaution last weekend. Systems were restored on Monday.