Muni Hackers Vow To Release 30GB Of Sensitive Data If Ransom Isn't Paid

Photo: torbakhopper/flickr
By Kevin Montgomery - Published on November 28, 2016.

The hackers behind the ransomware attack against Muni's computer network this past weekend are continuing to escalate their threats against San Francisco's transportation agency. Beyond controlling 2,112 of SFMTA's computers, the hackers now claim to have stolen 30 gigabytes of sensitive departmental data and promise to release it if their demands are not met.

Yesterday, Hoodline learned the hackers, going by the pseudonym “Andy Saolis,” were demanding a 100 Bitcoin ($73,000) ransom to return control of nearly 25 percent of Muni's computer network.

The deadline for sending ransom payment passed early Monday morning—a point at which the hackers had previously claimed they would close their email account, leaving the department without a method to purchase the password to regain access to their network.

Instead, as the deadline passed, Saolis sent a canned statement to several media outlets, including Motherboard, the Examiner and Forbes, with new claims that they extracted information from department computers before encrypting them and locking Muni out.

“I hope Company Try to Fix it Correctly and We Can Advise Them But if they Don’t , We Will Publish 30G Databases and Documents include contracts , employees data , LLD Plans , customers and … to Have More Impact to Company To Force Them to do Right Job!,” Saolis wrote in an email sent to the media.

The hackers, who acknowledged they do not reside in the United States, did not specify what they meant by “LLD Plans.”

According to a list, obtained by Hoodline, of Muni's machines currently encrypted by the hackers, Saolis likely has control of the department's payroll service, email servers, QuickBooks, several MySQL database servers, and personal computers for hundreds of employees.

It remains unclear if the hackers truly obtained departmental data or are just using the threat to attempt to pressure SFMTA into paying. Department spokesperson Paul Rose told the Examiner today, “Personal information of Muni customers were not compromised as part of this incident.”

The hackers also refused to provide any proof that they possessed stolen data to media outlets.

“We proof our capability before ! we don't want leak really but if they don't pay attention , it's will be our plan,” Saolis emailed Motherboard.

"We are working with the FBI to investigate and to help identify a suspect," SFMTA's Paul Rose told Hoodline this afternoon. "We are also working with the Department of Homeland Security."

With the new threat of releasing Muni data to the public being made, the hackers extended their original deadline to this Friday. Muni officials have reiterated their claim that they will not pay the ransom.
