SAN FRANCISCO (CBS SF) — Hackers who shut down the San Francisco Municipal Railway fare system over the weekend have demanded a ransom from the city or they will release critical data allegedly downloaded during the attack.

While the fare system was back online Monday, the hackers have reportedly demanded a ransom to decrypt affected computers and threatened to release agency data.

The agency has been working with the Department of Homeland Security and does not believe the hackers have access to any critical data including customer or employee personal data.

“We never even considered paying the ransom nor do we intend to do so,” San Francisco Municipal Transportation Agency spokesman Paul Rose said.

The ransomware attack occurred Friday, when fare machines at all underground Muni stations began to display the message “You hacked, ALL data encrypted.” The message included an email contact.

Rose said the agency had restored around 75 percent of the affected computers as of the end of Sunday and hoped to reach 100 percent by the end of Monday.

Investigators do not think the incident was caused by a targeted hacking attack, but rather by someone within the SFMTA system unwittingly clicking on a link in an email or on a website that downloaded the ransomware.

The attack affected internal computer systems including email and part of the payroll system, but “never breached our firewall,” Rose said.

Muni officials are still working to calculate the full cost of the incident in terms of lost fares and repair costs, and are working with the FBI to help identify the hackers.

© Copyright 2016 CBS Radio Inc. and its relevant subsidiaries. Bay City News Service contributed to this report.
