The San Francisco Municipal Transportation Agency (MUNI) was hacked and infected with ransomware last weekend by someone hacker who calls himself Andy Saolis.
Because of the attack, all passengers could make free metro routes, and the hacker asked 100 Bitcoin ($ 73.000) ransom to remove the malicious software, threatening to leak 30 GB files containing customer information, contracts and employees.
Και όμως, όπως φαίνεται ότι ο Andy Saolis δεν ήταν και τόσο προσεκτικός όσο θα περίμενε κανείς από έναν hacker. Ένας ερευνητής ασφαλείας κατάφερε να παραβιάσει τη διεύθυνση του ηλεκτρονικού του ταχυδρομείου και να ανακαλύψει στοιχεία που θα είναι χρήσιμα κατά τη διάρκεια της researchs.
The Krebs On Security blog reports that the security researcher who wanted to keep the anonymity managed to gain access to the hacker's email address by simply guessing the answer to a secret question he used. With a password reset he was able to take full control of the account.
A message that existed in the envoy file shows that the hacker actually contacted MUNI officials at 25 in November to report the violation and ask for a ransom.
The message said:
“If you are in charge of MUNI-RAILWAY! All your computers/Server & Hosting in the MUNI-RAILWAY domain were encrypted with AES 2048Bit! We have 2000 decryption keys! Send 100BTC to my Bitcoin Wallet, and then we will send you the decryption key For all your drives and the server!!”
The messages that were in the hacker's mailbox showed that this particular hack was not his first. From other breaches and ransomware attacks it appears that the hacker had collected $140.000 in Bitcoins.
It goes without saying that the account can be used by researchers to learn the real identity of Andy Saolis, and the KrebsOnSecurity blog notes that there are some emails from hosting providers. The passwords for some of the hacker's hosting accounts were saved in plain text, so access to these servers is also possible.
Meanwhile, MUNI claims it has removed the malware from its systems and that its data is safe, despite Andy Saolis's claims that he was in the hands of 30 GB files.