Hackers are demanding a whopping $70,000 from the San Francisco Transport Agency as ransom. The hackers, who operate behind shadowy email addresses, managed to attack the San Francisco transport system and disrupt operations.
According to reports, the disruption occurred early on Tuesday morning. Users realised that some basic functionalities of the system were not working normally. For example, ticketing systems were down, and this caused disruptions to the operations of the entire transport system.
While acknowledging the occurrence of the hack, a spokesperson for the agency said that they were experiencing internal problems as a result of a breach of their systems. The spokesperson further said that the situation was under control and that the authorities were investigating crucial leads that would help them unravel the magnitude of the problem.
But in a quick rejoinder, the hackers claimed that they had successfully hacked into a Windows 2000 server of the agency. They also said that they were holding more than 30GB of critical data of the agency. And in a style that has now become typical of cyber criminals, they threatened to leak all the data to the public if the San Francisco Transport Agency did not heed their demands.
The hackers have remained anonymous so far. However, one thing that has become public is that the hackers hide behind multiple addresses associated with a special type of ransomware. The ransomware in question is HDDCryptor. Cybercriminals have been increasingly using this form of malware in the recent past for extortion purposes.
According to Trend Micro, an internet security firm, HDDCryptor works by attacking the data that people store on their drives. The ransomware then systematically encrypts and locks all the data in the target computer. Criminals use this complex capability of HDDCryptor to secretly hijack computers and hold institutions and individuals to ransom.
No Ransom Paid
The San Francisco Transport Agency insists that no ransom has been paid. The agency goes on to say that everything is now back to normal. The official position of the agency sounds credible, going by the most recent rants by the cybercriminals. In broken English, the cybercriminals have been issuing fresh demands to the authorities. They have also been saying that the agency has failed to protect the privacy of its clients and that they (the criminals) are willing to help!
It remains to be seen what will follow. On the one hand, it appears that a ransomware attack, which would have made news as one of the biggest attacks in recent history, has failed. On the other, the cybercriminals behind the attack are still issuing threats and posing as if they are still in control of the situation.