The attack occurred on 18 November, reports The Sacramento Bee, when unknown hackers defaced the public transportation agency’s main website with the following message:
I’m sorry to modify the home page, i’m good hacker, i I just want to help you fix these vulnerability. This is one of the loopholes, modify the home page….
Technicians accessed the agency’s system shortly thereafter to evaluate the extent of the attack’s damage. It was around that same time that the hackers gained access to SacRT’s virtual servers and erased some of their data.
Fortunately, this action did not pass unnoticed by the entity’s security systems. Chief Operating Officer Mark Lonergan said the Sacramento Regional Transit sprang into action:
We caught it early (Sunday) morning. We took all our systems offline. We are restoring everything now and bringing it up online.
It also reached out to its Twitter followers notifying them of possible issues they might experience along their commute.
Rider Alert: SacRT is experiencing network issues that may affect bus and light rail schedules, and access to our website and some apps.
— Regional Transit (@RideSacRT) November 19, 2017
In the meantime, the hackers messaged SacRT with a single demand: pay one Bitcoin (worth over $8,000 at the time), or the attacks will continue. The Sacramento Regional Transit did not respond to that request and instead focused on restoring from its backups.
The attack overall erased about 30 percent of the agency’s files, reports KCRA. However, it did not result in the theft of employee or customer information, and it did not affect bus and light rail services. If anything, it might have limited customers’ (Read more...)
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by David Bisson. Read the original post at: https://www.tripwire.com/state-of-security/latest-security-news/hackers-demanded-8k-sacramento-regional-transit-attack/