The hacker responsible for all those free Muni rides over the weekend is asking for 100 bitcoin (about $73,000) in exchange for unlocking the affected Muni computers, as the Examiner found out from emailing him/her. And Muni issued a statement on Sunday acknowledging the ransomware hack and assuring riders that "there were no impacts to the safe operation of buses and Muni Metro" and "Neither customer privacy nor transaction information were compromised."
Muni also says that the situation is "contained," but they did not clarify when they expected their systems to be fully restored and operational.
In a reply message to The Verge, who also emailed the hacker, the responsible party said, "we don't attention to interview and propagate news ! our software working completely automatically and we don't have targeted attack to anywhere !” They also said, “We are waiting for contact any responsible person in SFMTA but i think they don’t want deal."
Muni's fare machines and train schedule screens were hacked sometime Friday, with the message appearing on them "You hacked. All data encrypted," and providing an email address through which to negotiate restoration of the data. This caused the SFMTA to make all Muni rides free on Friday and Saturday, opening fare gates in the Muni Metro in what many riders thought was just a holiday weekend promotion.
As Slate reports, the hack compromised 2,000 computers in the Muni system including those related to "agency-wide functions like payroll, email, and real-time bus locations." This led dispatchers to have to assign bus routes to drivers using handwritten notes on a bulletin board.
Concerns were immediately raised over the weekend about whether, through the fare machines, the hacker could have access to riders' bank and credit accounts that are attached to their Clipper cards.
Meanwhile video game fans and Kotaku have been noting how the Muni hack "feels straight out of Watch Dogs 2," a newly released game about hackers that's based in San Francisco (but the similarities end there).
Update: Forbes also got in contact with the hacker, who continues to press his or her case, and who claims to be ready to leak 30GB of both SFMTA employee info and that of customers, though it remains unclear what type of data may have been compromised given the SFMTA's earlier statement.
"Company don’t pay attention to Your safety! They give your money and everyday rich more! But they don’t pay for IT security and using very old systems!”
According to the Cryptom27 crew, all payment kiosks, internal automation systems and email were compromised. Signing off, they threatened to leak 30GB of the Municipal Transportation Agency’s databases and documents, including “contracts, employees’ data [and] customers," if the organization didn’t accept the hackers’ help in securing their systems.