by Kevin Montgomery : hoodline – excerpt
The hackers behind the ransomware attack against Muni’s computer network this past weekend are continuing to escalate their threats against San Francisco’s transportation agency. Beyond controlling 2,112 of SFMTA’s computers, the hackers now claim to have stolen 30 gigabytes of sensitive departmental data and promise to release it if their demands are not met.
Yesterday, Hoodline learned the hackers, going by the pseudonym “Andy Saolis,” were demanding a 100 Bitcoin ($73,000) ransom to return control of nearly 25 percent of Muni’s computer network.
The deadline for sending ransom payment passed early Monday morning—a point at which the hackers had previously claimed they would close their email account, leaving the department without a method to purchase the password to regain access to their network.
Instead, as the deadline passed, Saolis sent a canned statement to several media outlets, including Motherboard, the Examiner and Forbes, with new claims that they extracted information from department computers before encrypting them and locking Muni out.
“I hope Company Try to Fix it Correctly and We Can Advise Them But if they Don’t , We Will Publish 30G Databases and Documents include contracts , employees data , LLD Plans, customers and … to Have More Impact to Company To Force Them to do Right Job!,” Saolis wrote in an email sent to the media.
The hackers, who acknowledged they do not reside in the United States, did not specify what they meant by “LLD Plans.”
According to a list, obtained by Hoodline, of Muni’s machines currently encrypted by the hackers, Saolis likely has control of the department’s payroll service, email servers, QuickBooks, several MySQL database servers, and personal computers for hundreds of employees…