Cyber Incident Victim: Muni
Date:
Nov 2016
Location:
United States of America
Summary
A ransomware attack targeted San Francisco's public transit system, encrypting internal computer systems and disrupting operations. The perpetrator demanded a ransom payment in Bitcoin to restore access. During the incident, fare collection systems were compromised, allowing passengers to ride without paying. The organization managed to recover systems without fulfilling the ransom demand, restoring normal service after the disruption.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
I will answer the last question.
A ransomware attack affected the San Francisco Muni transit system, with the attacker demanding $73,000 in exchange for restoring access to computers and systems. The attack compromised the availability of the systems, and the confidentiality of the data was also at risk due to the threat of data dump. The attacker, who was not identified, used a data attack tactic, which involved the manipulation, destruction, or encryption of data. The motive behind the attack was likely personal gain, as the attacker demanded a ransom in exchange for restoring access to the systems. The attack highlights the importance of having robust cybersecurity measures in place to prevent such incidents.