
Muni Hackers Vow To Release 30GB Of Sensitive Data If Ransom Isn't Paid

Photo: torbakhopper/flickr
By Kevin Montgomery - Published on November 28, 2016.

The hackers behind the ransomware attack against Muni's computer network this past weekend are continuing to escalate their threats against San Francisco's transportation agency. Beyond controlling 2,112 of SFMTA's computers, the hackers now claim to have stolen 30 gigabytes of sensitive departmental data and promise to release it if their demands are not met.

Yesterday, Hoodline learned that the hackers, going by the pseudonym “Andy Saolis,” were demanding a 100 Bitcoin ($73,000) ransom to return control of nearly 25 percent of Muni's computer network.

The deadline for sending ransom payment passed early Monday morning—a point at which the hackers had previously claimed they would close their email account, leaving the department without a method to purchase the password to regain access to their network.

Instead, as the deadline passed, Saolis sent a canned statement to several media outlets, including Motherboard, the Examiner and Forbes, with new claims that they extracted information from department computers before encrypting them and locking Muni out.

“I hope Company Try to Fix it Correctly and We Can Advise Them But if they Don’t , We Will Publish 30G Databases and Documents include contracts , employees data , LLD Plans , customers and … to Have More Impact to Company To Force Them to do Right Job!,” Saolis wrote in an email sent to the media.

The hackers, who acknowledged they do not reside in the United States, did not specify what they meant by “LLD Plans.”

According to a list, obtained by Hoodline, of Muni's machines currently encrypted by the hackers, Saolis likely has control of the department's payroll service, email servers, QuickBooks, several MySQL database servers, and personal computers for hundreds of employees.

It remains unclear if the hackers truly obtained departmental data or are just using the threat to attempt to pressure SFMTA into paying. Department spokesperson Paul Rose told the Examiner today, “Personal information of Muni customers were not compromised as part of this incident.”

The hackers also refused to provide any proof that they possessed stolen data to media outlets.

“We proof our capability before ! we don't want leak really but if they don't pay attention , it's will be our plan,” Saolis emailed Motherboard.

"We are working with the FBI to investigate and to help identify a suspect," SFMTA's Paul Rose told Hoodline this afternoon. "We are also working with the Department of Homeland Security."

Along with the new threat to release Muni data to the public, the hackers extended their original deadline to this Friday. Muni officials have reiterated their claim that they will not pay the ransom.
