All Aboard the Ransomware Express



Ransomware, an attack that has been around in some form or another since 1989, is one of the biggest cyber-crimes of 2016. Instances of this attack have quadrupled in number during 2016 from the same time period last year, and while some are hopeful that these rates will decrease in the coming year, ransomware has expanded its grasp to reach almost every industry out there. Its latest target? Transportation networks. More precisely, San Francisco’s Municipal Transportation Agency.

The San Francisco Fiasco

San Francisco’s Municipal Transportation Agency (SFMTA) was hit last Saturday with ransomware. The attack actually began the night prior, as SFMTA reported that agents’ computer screens displayed the message “You Hacked, ALL Data Encrypted.” These broken-English displays and emails, received from an address at Yandex, a Russian email provider, led the agency to believe this attack was carried out by foreign hackers; however, they are not certain about that at this time. Whoever these hackers might have been, they requested payment of 100 bitcoin, equal to approximately $70,000, as ransom for the safe return of the encrypted files. However, the transportation agency took the FBI’s recent advice to those hit with ransomware and did not pay the ransom. Paul Rose, an SFMTA spokesman, said, “We never considered paying the ransom. We have an IT team on staff who can fully restore all systems.”


Rose also stated that, after further investigation, it has been determined that the hackers didn’t steal any financial records or other potentially damaging information about the agency’s customers or employees. This was extremely lucky for the transit system, as ransomware is often used to steal highly sensitive data from its victims. While there were disruptions to the system operations, SFMTA decided to run its buses and light rail vehicles regardless in an attempt to avoid mass chaos. This was an added gift to riders of the ‘Muni Metro’ light rail, as their fares were waived during this time. These free rides are, thankfully, the only major cost to the transit agency from this attack, and as of Monday, SFMTA was still trying to determine the magnitude of this financial damage.

Though San Francisco’s Municipal Transportation Agency was rather lucky despite having been hit by ransomware, this attack should be a wake-up call for all transportation networks to amplify their cybersecurity measures.

Transportation Network Vulnerability

While San Francisco was fortunate in that this attack did not result in any disruption of their services, other transportation networks have not been so lucky. In 2008, a Polish hacker succeeded in derailing four vehicles after hacking into his local town’s transit system, injuring a dozen people, though thankfully killing no one. While not many cases of cyber-attack exist within the transportation world yet, the transportation industry is highly susceptible to attack, as is clear below in PhishMe’s 2016 Phishing Susceptibility and Resiliency report.

While cybersecurity can be an intimidating hurdle for any industry, it is especially important for companies like railways, whose entire operations would be derailed without the use of technology, to be strong in this area. As is true of every sector, there is no silver bullet to enhanced cybersecurity; multiple steps need to be taken in order to be strong against attack. By taking these simple steps, among others, transportation networks can be strong against cyber-criminals.

  • Educate employees – Computers were infected in the San Francisco ransomware attack because employees clicked on malicious emails from hackers. Had the internal IT team that was able to recover the files on its own focused more of its efforts on preventative measures, such as educating the Agency’s employees on what factors indicate a phishing email, they would not have had to worry about the recovery aspect of this cyber crime at all. It may have even been avoided.
  • Have a recovery plan – Though all companies want to prevent an attack, having a backup plan is key in those cases where the cyber-crooks get through the cracks. As with overall cybersecurity, there is not one solution which will work every time for every company, but by speculating about potential threats and developing customized plans of attack for each, companies can be prepared on the back end to recover data and get back to regular business operations as quickly and smoothly as possible.
  • Install and/or update hardware & software – You can never be too protected against attack, and it is important to protect your computers and their networks in as many ways as possible. By keeping software such as anti-virus up to date, as well as installing firewalls with next-generation software, you can further protect both your employee and customer information.

By combining multiple simple steps, cybersecurity becomes less threatening and much more manageable for companies across all industries. Implementing these tips as well as others, and learning from similar networks’ security errors, will help transportation networks decrease their vulnerability to attacks such as ransomware.

Hailey R. Carlson | Axiom Cyber Solutions | 12/02/2016

