San Francisco Transit Hacker Gets Hacked


The hacker claiming responsibility for last week's ransomware attack on the San Francisco Municipal Transportation Agency has been hacked.

According to security researcher Brian Krebs, the criminal—someone calling themselves "Andy Saolis"—was the target of a breach that revealed details about other hacks allegedly carried out by Saolis.

The Friday hack meant free rides for all that night and into Saturday, as payment kiosks were inaccessible. Saolis later claimed responsibility and fielded questions from the media via email. On Monday, a security analyst accessed that email account by guessing the answer to Saolis' secret question and resetting the password, the researcher, who chose to remain anonymous, told Krebs.

Based on messages obtained from the inbox and published by Krebs, Saolis on Friday contacted SFMTA infrastructure manager Sean Cunningham and demanded 100 bitcoin ($73,000) in exchange for re-entry into SFMTA's encrypted servers.

"The SFMTA has never considered paying the ransom," an agency spokesman told PCMag. "We have an information technology team in place that can restore our systems and that is what they are doing."

Saolis, however, has successfully extorted at least $140,000 from victims since August, Krebs reports.

Last week's SFMTA outage—which disrupted about 900 office computers—was not a targeted strike; instead, it appears the infection spread through an SFMTA employee with "admin level" access, whose PC was used to download a software keycode generator carrying the malicious code.

"It's Show to You and Proof of Concept , Company don't pay Attention to Your Safety !" Saolis wrote in a message to PCMag on Monday, apologizing for their broken English. "If some Hacker Try to Hack Your Transportation Infrastructure Target-Based , it's Have More Impact!"

Saolis did not immediately respond to another request for comment.

Despite employee concerns about missing a paycheck, the San Francisco MUNI confirmed that there will be no impact to payroll services. Meanwhile, customer payment systems were not hacked, and no data was accessed during the breach.
