San Francisco Transit Hacker Gets Hacked

The hacker claiming responsibility for last week'south ransomware attack on the San Francisco Municipal Transportation Agency has been hacked.

At present that'southward an interestingly odd twist.

SecurityWatch According to security researcher Brian Krebs, the criminal—someone calling themselves 'Andy Saolis'—is the target of a alienation that revealed details almost other hacks allegedly that Saolis carried out.

Last Fri'southward hack meant free rides for all that night and into Saturday, as payment kiosks have been made inaccessible. Saolis later claimed responsibility and fielded questions from the media via email. On Mon, a security analyst accessed that email account by guessing the answer to Saolis' cloak-and-dagger question and resetting the password, the researcher, who chose to remain anonymous, told Krebs.

Based on messages obtained from the inbox and published by Krebs, Saolis on Friday contacted SFMTA infrastructure manager Sean Cunningham and demanded 100 bitcoin (Usa$73,000) in exchange for re-entry into SFMTA's encrypted servers.

"The SFMTA has never considered paying the ransom," an agency spokesman told PCMag. "We accept an information technology team in place that tin can restore our systems and that is what they are doing."

Still, Saolis has successfully extorted at least U.s.$140,000 from victims since August, Krebs reported.

Last week's SFMTA outage—which disrupted well-nigh 900 role computers—is not a targeted strike; instead, information technology appears the infection spread through a SFTMA employee with 'admin level' admission, whose PC had been used to download a software keycode generator carrying the malicious lawmaking.

"It's Show to You and Proof of Concept , Company don't pay Attending to Your Safe!" Saolis wrote in a message to PCMag on Monday, apologising for their broken English language. "If some Hacker Try to Hack Your Transportation Infrastructure Target-Based , information technology's Have More Impact!"

Saolis did not immediately answer to another request for comment.

Despite employee concerns virtually missing a paycheck, the San Francisco MUNI confirmed that there will be no impact to payroll services. Meanwhile, client payment systems have not been hacked and no data is accessed during the breach.