Connecting state and local government leaders
The transit agency is in the process of recovering 30 million backup files.
Hackers erased data in Sacramento Regional Transit computer systems and asked for 1 bitcoin, worth $8,000, in ransom—lest they attack again.
Internal operations programs for dispatching employees and assigning buses to routes were targeted, The Sacramento Bee reported, but rail and bus service continued unaffected and data wasn’t stolen.
While systems are secured, the agency’s website and credit card processing were impacted.
“This was about destruction,” Mark Lonergan, SacRT’s chief operating officer, told the Bee.
The weekend attack is reminiscent of the ransomware incident that targeted the San Francisco Municipal Transit Agency on Black Friday of last year. In that incident, hackers encrypted Muni data and disrupted email and demanded 100 bitcoin, or $73,000 at the time. Muni turned off its payment machines until systems could be reset, Wired reported at the time, which meant free rail rides for the weekend.
In both cases the ransom demand was refused, and Sacramento RT’s separate, cloud-based mobile fare app remains enabled.
The crime was reported to federal authorities, and the transit agency has already ascertained the attack—the first of its kind an agency in California’s capital city has faced—was the result of the investigation into a hacker’s message defacing the agency homepage, which triggered the data erasure.
SacRT is in the process of recovering 30 million backup files.
Muni’s hacker or hackers found themselves hacked shortly after the Black Friday attack, Krebs on Security reported last year, by a security researcher who guessed the extortionist’s email secret question and reset the inbox password. Inbox contents revealed the hacker had extorted at least $140,000 in Bitcoin, largely from manufacturing firms, keeping rotating wallets for security.
Dave Nyczepir is a News Editor at Government Executive’s Route Fifty and is based in Washington, D.C.