Muni Ransomware Attacker is Hacked

frogboy


The hacker responsible for a major ransomware attack on San Francisco’s “Muni” rail network has earned over $100,000 from multiple attacks over the past few months, it emerged after he himself was hacked.

An unnamed security researcher managed to crack the email account posted by the attacker in his message to the San Francisco Municipal Transportation Agency (SFMTA) on Friday, according to Krebs On Security.

Guessing the secret question apparently allowed the white hat to reset the account password.

That account revealed a ransom message sent on Friday to an SFMTA infrastructure manager and details from more than a dozen Bitcoin wallets, suggesting he has managed to extort over $140,000 from companies since August.

It also appears as if his main targets were US manufacturing and construction companies, the majority of which paid a ransom of around one Bitcoin ($730) per server.

The attacker used open source tools to scan for internet-connected machines vulnerable to exploit, with Oracle servers, including Primavera project portfolio management software, particularly favored.

Some companies would even pay up extra Bitcoins in return for information on how they were hacked, the report claimed.

Over 300 addresses linked to an attack server used by the black hat appear to be based in Iran, although a contact number is for a Russian mobile.

It appears as if the hacker will be out of luck this time, as the SFMTA has claimed it will not be paying the ransom.

A lengthy note on Monday had the following:

“The SFMTA has never considered paying the ransom. We have an information technology team in place that can restore our systems, and that is what they are doing.

Read More. Muni Hacker is Hacked
 

ForgottenSeer 55474

o_O But if you are very careful, and do not click any strange links and so on, careful all the time, could you then get hit with ransomware anyway? :( Could someone explain to me what a typical ransomware attack is, and what it looks like?
 
