As ransomware remains a hot topic in cyberspace, it is steadily crossing over into the real world. Last weekend, passengers of the San Francisco railway system (MUNI) experienced the primary effects of a ransomware attack: because the systems were hacked by Mamba ransomware, they were granted free rides. Though the incident did not result in any major losses or severe outcomes, the penetration of computer viruses into the real world is becoming a worrying matter.
The residents of San Francisco were first surprised by the opportunity to ride with Municipal Railways for free on Black Friday. While the ticket machines were showing “out of service” and “free ride” signs, all 2 000 linked systems were shut down, displaying: “You Hacked, ALL Data Encrypted. Contact For Key([email protected])ID:681 ,Enter.” The swindlers demanded 100 BTC (approximately 73 000 USD) in exchange for system recovery, but there is no information on whether MUNI paid the money or not. Experts speculate that this virus is a variation of HDDCryptor. However, as we have already mentioned, HDDCryptor comprises only one part of a bigger ransomware campaign known as Mamba. The traces lead to the Californian ransomware group calling themselves Andy Saolis. It is not known whether the hijack was terminated by the hackers themselves on Sunday afternoon or whether it was the accomplishment of IT security specialists.