The ultimate end: the hacker of San Francisco MUNI got hacked

The Municipal Transportation Organization (MUNI) of San Francisco was hacked and infected with ransomware last weekend by a hacker calling himself Andy Saolis.

Because of the attack, all passengers could ride the subway for free, and the hacker demanded a 100 Bitcoin ($73.000) ransom to remove the software, threatening to leak 30 GB of files containing customer, contract and employee information.

And yet, it seems that Andy Saolis was not as careful as you would expect from a hacker. A security researcher has managed to break into his e-mail account and find information that will be useful during the investigation.

The Krebs On Security blog reports that the security researcher, who wished to remain anonymous, managed to gain access to the hacker's e-mail address simply by guessing the answer to a secret question he used. With a reset of the password he was able to take full control of the account.

A message found in the sent folder shows that the hacker actually contacted MUNI officials on November 25 to report the breach and ask for a ransom.

The message said:

“If you are in charge of MUNI-RAILWAY! All your PCs / Servers in the MUNI-RAILWAY domain are encrypted with AES 2048Bit! We have 2000 decryption keys! Send 100BTC to my Bitcoin Wallet, and then we will send you the decryption key For all your disks and server !! ”

The messages in the hacker's mailbox showed that this hack was not his first. From other breaches and ransomware attacks it appears that the hacker had received 140.000 dollars in Bitcoin.

It goes without saying that the account can be used by researchers to learn the real identity of Andy Saolis, and the KrebsOnSecurity blog notes that there are some emails from hosting providers. The passwords for some of the hacker's hosting accounts were saved in plain text, so access to these servers is also possible.

Meanwhile, MUNI claims to have removed the ransomware from its systems and that its data is safe, despite the claims of Andy Saolis, who stated that he had 30 GB of files in his hands.

Written by giorgos
