The Daily Swig Web security digest

SacRT systems back on track following ransom demand

James Walker | 22 November 2017 at 11:17

Normal service resumes for Sacramento’s public transport agency.

Sacramento Regional Transit District (SacRT), the agency that oversees public transportation in California’s capital city, has announced that its website and digital payment system is back online following a hack that occurred over the weekend.

SacRT, which serves 27.8 million bus and light rail passengers a year, provided details of the attack via social media on Monday:

While the authority said its fare vending machines and Connect Card electronic payment systems were functioning during the attack, access to online accounts was limited. Light rail and bus operations were not impacted.

According to the Sacramento Bee, the attack occurred on November 18, when hackers gained access to SacRT systems, erased data, and defaced the agency’s website. The unknown actors threatened to do more harm unless they were paid one bitcoin (approximately $8,000).

Those visiting the SacRT website on Saturday were greeted with a message that read: “I’m sorry to modify the home page, I’m good hacker, I just want to help you fix these [sic] vulnerability. This is one of the loopholes, modify the home page.”

The agency’s chief operating officer, Mark Lonergan, told the Sacramento Bee that SacRT’s technicians ignored the ransom demand, instead opting to take the payment system and website offline while an assessment was conducted.

The system was restored at around 10:40am local time on Monday:

The agency is now understood to be cooperating with the Department of Homeland Security on an investigation into the incident.