Muni computer systems were compromised late Friday after an SFMTA employee apparently downloaded what is called “ransomware,” a form of malware that allows an attacker to lock up a victim’s computers, and demand a ransom to release them for use.  (Joe Fitzgerald Rodriguez/S.F. Examiner)

Muni computer systems were compromised late Friday after an SFMTA employee apparently downloaded what is called “ransomware,” a form of malware that allows an attacker to lock up a victim’s computers, and demand a ransom to release them for use. (Joe Fitzgerald Rodriguez/S.F. Examiner)

Muni guarantees customer data not at risk as hacker sends new threat

The San Francisco Municipal Transportation Agency has guaranteed its transit customers are not at risk amid a malware attack over the weekend that targeted Muni, San Francisco’s public transit system.

The alleged attacker has demanded $73,000 in ransom for stolen city data.

SEE RELATED: Alleged Muni ‘hacker’ demands $73,000 ransom, some computers in stations restored

“Personal information of Muni customers were not compromised as part of this incident,” Paul Rose, a spokesperson for the SFMTA, said Monday.

“We’ve never considered paying the ransom,” he added, “because we have in-house staff capable of recovering all systems, and we’re doing that now.”

SEE RELATED: ‘You Hacked’ appears at Muni stations as fare payment system crashes

There are many ways the SFMTA collects identifiable information, such as payment of parking tickets, or paying Muni fares via its mobile app, Muni Mobile.

Muni computer systems were compromised late Friday after an SFMTA employee apparently downloaded what is called “ransomware,” a form of malware that allows an attacker to lock up a victim’s computers, and demand a ransom to release them for use.

However, despite Rose’s guarantee of customer safeguards, the alleged malware attacker –– known only by a pseudonym, “Andy Saolis” –– issued a new threat to Muni via news agencies claiming customer data was compromised.

“But if ugly hacker’s attack to Operational Railways System’s, what happen to You?” the alleged attacker wrote, “Anyone See Something like that in Hollywood Movies But it’s Completely Possible in Real World!”

The alleged attacker wrote they gained access through a Windows 2000 PC server at the SFMTA including “all payment kiosk and internal automation and Email,” and threatened to release 30 gigabytes worth of contracts, employee data, “LLD plans,” customer data, and more.

The SFMTA’s deadline to pay the ransom is Friday, the alleged attacker said, though previously the deadline was Monday.

The alleged attacked said they are not attempting to gain control of train operations, which are run by computer.

Saolis did not say what customer data they had, specifically.

Hoodline obtained a list of about 2,000 computers in the control of the alleged attacker (out of SFMTA’s 8,000 or so computer systems), which may give some indication of the data the attackers have at their fingertips.

Among them were a computer belonging to Kate Toran, head of SFMTA taxi services, Muni “CCTVS” which may stand for Closed Circuit TV (a surveillance system), Muni HR-DMV, and a computer named “DATSERVICES.”

Another computer, MUNIFLYNN, may contain data from Muni’s Flynn Division, a bus yard.

Rose said he had not seen the list of computers.

“Our firewalls were never penetrated,” Rose said, and reiterated that the SFMTA would not pay the ransom.
hackMuniransomSFMTATransit

If you find our journalism valuable and relevant, please consider joining our Examiner membership program.
Find out more at www.sfexaminer.com/join/

Just Posted

Advocates with the San Francisco Public Bank Coalition hold a rally outside City Hall before the Board of Supervisors were to vote on a resolution supporting the creation of a public banking charter on Tuesday, Feb. 5, 2019. (Kevin N. Hume/S.F. Examiner)
Should San Francisco run its own public bank? The debate returns

Prior to the COVID-19 pandemic, momentum was building for San Francisco to… Continue reading

Apprenticeship instructor Mike Miller, center, demonstrates how to set up a theodolite, a hyper-sensitive angle measuring device, for apprentices Daniel Rivas, left, Ivan Aguilar, right, and Quetzalcoatl Orta, far right, at the Ironworkers Local Union 377 training center in Benicia on June 10, 2021. (Photo by Anne Wernikoff, CalMatters)
California’s affordable housing crisis: Are labor union requirements in the way?

By Manuela Tobias CalMatters California lawmakers introduced several bills this year that… Continue reading

People fish at a dock at Islais Creek Park on Thursday, June 10, 2021. (Kevin N. Hume/The Examiner)
What Islais Creek tells us about rising sea levels in San Francisco

Islais Creek is an unassuming waterway along San Francisco’s eastern industrial shoreline,… Continue reading

Organizer Jas Florentino, left, explains the figures which represent 350 kidnapped Africans first sold as slaves in the United States in 1619 in sculptor Dana King’s “Monumental Reckoning.” The installation is in the space of the former Francis Scott Key monument in Golden Gate Park. (Kevin N. Hume/The Examiner)
What a reparations program would look like in The City

‘If there’s any place we can do it, it’s San Francisco’

Officer Joel Babbs, pictured at a protest outside the Hall of Justice in 2017, is representing himself in an unusually public police misconduct matter. <ins>(Courtesy Bay City News)</ins>
The strange and troubling story of Joel Babbs: What it tells us about the SFPD

The bizarre and troubling career of a whistle-blowing San Francisco police officer… Continue reading

Most Read