SF Muni says it won’t pay ransom

The San Francisco Municipal Transportation Agency, better known as the Muni, says it will not pay hackers to restore its systems after a ransomware attack. The hackers, meanwhile, were themselves hacked by a security researcher. 

“We have never considered paying the ransom,” Muni spokesman Paul Rose told the trade publication Bank Info Security. “We have an IT team that can fully recover our systems, and they are doing that.”

Over Thanksgiving weekend, ransomware encrypted workstations across the Muni’s network. The attack forced the light rail transit system to give free rides because payment systems needed to be put back online.

The hackers left a message with an email address to contact about paying the ransom, and media agencies later contacted that address. In conversations with the media, the hackers said they wanted 100 bitcoin, roughly $73,000.

In those conversations, the hackers made claims that many experts have questioned, including that the malware used was custom-built and that they had stolen data that they would release to the public if their fee was not met.

Security reporter Brian Krebs wrote in his wrap-up of the Muni hack that a researcher contacted him after hacking the email account provided by the attackers.

Krebs wrote, “The researcher, who has asked to remain anonymous, said he compromised the extortionist’s inbox by guessing the answer to his secret question, which then allowed him to reset the attacker’s email password. A screen shot of the user profile page for [the email address] shows that it was tied to a backup email address, [on the same domain], which also was protected by the same secret question and answer.”