The San Francisco Municipal Railway system (known as MUNI to locals) was hacked at the weekend and while this sounds like a plot point lifted straight from Watch_Dogs 2, this is very much real life.

At the weekend, MUNI riders were greeted with notices on ticketing machines which read “Out of Service” and “Metro Free”. Displays at MUNI stations however displayed a much more ominous message. The “Metro Free” message was displayed because MUNI was unable to process fares.

“You Hacked, ALL Data Encrypted. Contact For Key([email protected])ID:681 ,Enter.”

According to the BBC, the hack is a result of ransomware and the hackers are demanding 100 bitcoin (~R1 million) in exchange for the encrypted data.

What data?

The hackers appear to have compromised much more than the transport system. Payroll, email servers and various MySQL databases have been compromised according to the hackers. Hoodline has reportedly contacted the hackers who revealed that as many as 2 112 computers in the San Francisco Municipal Transit Agency were compromised.

The ransomware that has affected MUNI appears to be HDDCryptor (sometimes known as Mamba) which encrypts a hard drive and requires a password to unlock it.

In a follow up email to Hoodline the hackers said, “say to company owner we are waiting one more day for deal and after it this email closing for security reason!”

While service was restored to MUNI on Sunday morning it’s unclear whether the hackers will strike again.

[Image – CC BY 2.0 Jeff Gunn]