San Francisco Municipal Transport Organization (MUNI) was violated and contaminated with ransomware last weekend by a hacker calling himself Andy Saolis.
Because of the attack, all passengers could ride the subway for free, and the hacker demanded 100 Bitcoin ($ 73.000) λύτρα για να αφαιρέσετε το κακόβουλο λογισμικό, απειλώντας να διαρρεύσει 30 GB αρχείων που περιέχουν information customers, contracts and employees.
Και όμως, όπως φαίνεται ότι ο Andy Saolis δεν ήταν και τόσο προσεκτικός όσο θα περίμενε κανείς από έναν hacker. Ένας ερευνητής ασφαλείας κατάφερε να παραβιάσει τη διεύθυνση του ηλεκτρονικού του post officeand discover facts that will be useful during the investigation.
The blog Krebs On Security reports that the security researcher who wanted to maintain his anonymity was able to access the hacker's email address, just guessing the answer to a secret question he was using. With a password reset it was able to take full control of the account.
A message that existed in the envoy file shows that the hacker actually contacted MUNI officials at 25 in November to report the violation and ask for a ransom.
The message said:
“If you are in charge of MUNI-RAILWAY! All your computers/Servers in the MUNI-RAILWAY domain encrypted with AES 2048Bit! We have 2000 wrenches decryption! Send 100BTC to my Bitcoin Wallet, and then we will send you the decryption key For all your drives and the server!!”
The messages in the hacker's mailbox showed that this hack was not the first. From other violations and attacks with ransomware it appears that the hacker had received 140.000 dollars in Bitcoin.
It goes without saying that the account can be used by investigators to learn the true identity of Andy Saolis, and the KrebsOnSecurity blog notes that there are some emails from hosting providers. The passwords for some of the hacker's hosting accounts were saved in plain text and thus these servers can be accessed as well.
Meanwhile, MUNI claims it has removed the malware from its systems and that its data is safe, despite Andy Saolis's claims that he was in the hands of 30 GB files.
