
Total Tech Care Blog

Total Tech Care has been serving Florida since 2001, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

This Hacker Messed With the Wrong Transportation Agency

While San Francisco residents might not be happy that they’ll again have to pay fares to ride the city’s rail system, the reason they again have to do so is understandable. Plus, it provides an excellent example of the importance of maintaining a backup and using complex passwords.

A hacker or group of hackers, operating under the moniker Andy Saolis, managed to halt the collection of fares by the San Francisco Municipal Transportation Agency (or Muni) by hacking their station computer system and introducing a strain of ransomware into it. As a result, Muni employees were unable to access their workstations and some of the agency’s systems were disabled.

However, the hacker claimed to have accomplished more, as ticketing kiosks across the city would only display “you hacked. ALL data encrypted.” The ransom demand for the decryption key was approximately $73,000 in Bitcoin. Despite the hacker’s apparent confidence in their accomplishment, Muni elected to not pay the ransom, deciding instead to restore their systems from a backup and allowing cybersecurity experts to strike back against the hacker, not just once, but twice.

Two independent vigilante hackers managed to access the email account of “Andy Saolis” to collect information that helped to stop the attack, both by correctly guessing the answer to the account’s security question. It would seem that the hacker(s) known as Andy Saolis had been active for a while, but had never before targeted anything other than private companies, which very well may have led to their downfall.

Once the attack was thwarted it came to light that seemingly no data, including that from Muni’s customer payment systems, had been accessed, despite the attack affecting 25 percent of Muni’s network. Saolis, unsurprisingly, gave a considerably different account online.

Claiming to have stolen data from the payment kiosks, as well as 30 gigabytes of data from Muni’s system on their employees, customers, and technical matters, Saolis wasn’t shy about casting himself (or themselves) in the light of the vigilante against an unjust system.

According to an email sent through Russian service Yandex.com, “They give Your Money and everyday Rich more! But they don’t Pay for IT Security and using very old system’s !”

Shortly after the attack ended, security experts who had gained access to the hacker’s servers were also able to establish that the emailer was based in Iran.

Though Muni never had to pay a ransom for their data, this attack wasn’t cheap, costing them the combined total of the free rides they granted to commuters as their systems were compromised. However, this total would certainly be less than the actual cost of the Bitcoin ransom, and so a good general rule to follow is to never give in to a hacker’s possibly insincere demands.

On the topic of the hacker, whose password was guessed by two separate strangers, how weak must this password have been? While nobody should ever complain about a hacker being foiled, it goes to show how a complete stranger could find their way into your accounts if you aren’t being careful.

This case is far from over, as the Federal Bureau of Investigation and the U.S. Department of Homeland Security are still investigating the matter, which provides proof that public systems still cannot be fully trusted.

There is a lot for SMBs to learn from this story. How confident are you in your IT security? If you feel it’s time for a security audit in order to determine how protected your business is from all kinds of threats, reach out to Total Tech Care at 866-348-2602.

 

 
