The hacker who hacked San Francisco mass transit got hacked himself
Someone got into Muni's computer system and threatened to lock its administrators out until they paid 100 bitcoin, or about $73,000, to the ransomer. Muni had to make all rides free on Saturday, although most systems are back in working order.
But in a stroke of irony, it turns out the person who hacked Muni ended up getting hacked himself, Brian Krebs reported on Tuesday morning.
The ransom note had an email address (cryptom27@yandex.com) for Muni administrators to contact in order to arrange the payment. A security researcher was able to get access to that email inbox by guessing the answer to the hacker's secret question, and leaked the inbox to Krebs.
The stolen emails seen by Krebs even show the hacker had pulled off successful ransom heists before, at one point extorting about $45,000 from a U.S.-based manufacturing firm.
Other bitcoin wallets in the emails suggest the hacker had collected at least $140,000. The hacker had tried to extort several manufacturing and construction firms in the United States.
The number could be higher because the hacker used several email addresses, some of which were not accessible. Krebs suggests the hacker may be from Iran.
Ransomware can be scary. Muni computer screens read "You are Hacked. ALL Data Encrypted," and the hacker is threatening to release 30 gigabytes of internal Muni data.
If you're worried about ransomware, you should make sure your systems are regularly backed up, and your backups are not on the same network as the systems they're backing up. Here are some additional FBI recommendations about how to best deal with ransomware.
The entire Krebs report is fantastic and worth a read as one of the best looks into this shadowy corner of the internet available today.