Hackers looking for a payout have hit the Sacramento Regional Transit (SacRT) system, defacing the agency website, erasing data from some of its servers, and demanding money to stop the attack and not do further damage.
According to the Sacramento Bee, the hackers announced their presence on Saturday (November 18) by placing a message on the agency’s main webpage saying that they wanted to help the agency fix vulnerabilities.
On Sunday, they began erasing some of the agency’s virtual servers, and sent a Facebook message to SacRT with their demand: “Pay us now to stop attacking.”
They asked for one bitcoin – currently worth around $8,000 – but SacRT decided not to respond to the message or pay up.
Instead, the agency took all its systems offline to determine what data had been erased, to investigate how the hackers entered the system, and to restore affected systems from backup.
It also took down the affected homepage and shut down its systems for processing credit card payments on Connect Cards until it can make sure that the hackers won’t be able to gain access to them.
SacRT chief operating officer Mark Lonergan said that the attack erased parts of computer programs on the agency’s servers that affect internal operations, but no data was found to have been stolen.
It seems that the attackers did not want to steal data and hold it ransom – they requested money to stop the destructive attack.
Things are almost back to normal for users: the website is back online, fare vending machines and Connect Cards are functioning, but access to online accounts is still limited. The agency’s mobile fare app was not affected by the attack, as it is on a separate cloud-based system.
In the end, the attack did not affect light rail and bus operations.
As SacRT technicians work to bring all systems back online, the agency has also called in outside experts to help review their vulnerabilities and harden their systems against future attacks.
SacRT is not the only transportation agency to be hit by hackers looking for a quick payout. Almost a year ago, the computer systems of the San Francisco Municipal Transportation Agency were hit with ransomware, and the attackers asked for much more money.
It was later discovered that the same attackers had targeted, and tried to extort money from, a number of US-based companies.