On Saturday night an unknown hacker targeted the Sacramento Regional Transit System (RT or SacRT) in California and hacked into its website along with its critical cyber infrastructure. At first, the hacker defaced the site, left a message and pretended to be one of the good guys who hack and report to affected authorities so they can patch security loopholes in their system to avoid “bad guys” from targeting and taking advantage of them.
The message on the defaced site was written in broken English. Moreover, the hacker asked Sacramento Regional Transit team to contact them through a ProtonMail based email address so they can help them fix “Very Dangerous” vulnerability.
Screenshot of the deface page HackRead was able to grab from Google Cache
By then, the hacker had complete control over the system that would allow them to delete the desired data. Upon contact, the hacker demanded a sum of $7,000 in Bitcoin as ransom or threatened to face the consequences. According to SacRT spokesperson Wendy Williams “It was simply a ransom attack where they were going to delete files if we didn’t pay via bitcoin of $7,000,” reported KCRA.
What was affected
As expected, SacRT decided not to pay a dime resulting in the removal of 30% of its data. “It didn’t really affect service; it may have affected people’s ability to pay,” said RT deputy general manager Mark Lonergan. “We’ve had malware attacks, and viruses get into the system before, this was our first cyber attack.”
Although the cyber attack deleted a large number of SacRT’s data; its impact on bus and rail service was zero. However, erasing of data affected internal operations such as the ability to use computers to dispatch employees and assign buses for routes, reported the location newspaper The Sacramento Bee.
FVMs & Connect Cards are functioning, access to online accounts are limited. Light rail and bus operations have not been impacted.
— Regional Transit (@RideSacRT) November 20, 2017
The agency also claims that no data was stolen but its website and systems for processing credit card payments on Connect Cards will stay offline until an extra layer of security is implemented to tackle cyber attacks in future.
Backup at work
In an attack that involves system take over; the only practice that can save victims is “keeping a backup” for their data. SacRT’s IT team, on the other hand, was well aware of that fact and kept a backup for all of the agency’s data allowing them to dismiss the threats and restore the files afterward.
SacRT was the victim of a cyber ransom attack over the weekend. Network damage was limited, and no personal data was compromised.
— Regional Transit (@RideSacRT) November 20, 2017
It’s indeed because the IT department that SacRT saved $7,000 of taxpayers. Other businesses should learn from the agency and start backing up their data since hackers can target any business at any time.
[q]Hacker deleted %30 of the agency data[/q]
This is the second time that a transit system in the United States has come under ransom attack. Previously, San Francisco Railway’ Fare System was compromised by unknown hackers who demanded 100 Bitcoin Ransom to unlock more than 2,000+ hacked transit system computers.
At the time of publishing this article, SacRT’s official website was back online.
[fullsquaread][/fullsquaread]
