Long the scourge of personal computers and small businesses, ransomware — like the virus that struck San Francisco Muni’s computer systems over the weekend — is becoming increasingly common among large corporations and public agencies are no exception, digital security analysts said.
Muni responded by giving free light-rail rides from Friday until 9 a.m. Sunday. The computer viruses, which lock users out of their own data until they agree to pay a ransom, can hit a company’s bottom line but aren’t likely a threat to public safety, experts said. That’s because most transit agencies keep critical systems that control trains offline and separate those systems from the networks employees use to access email or perform regular work, said Robert Capp, the vice president of business development for NuData Security, a digital security firm.
Muni riders in San Francisco were not at risk, and the hackers did not access data or breach payment systems during the attack that affected around 900 computer workstations on Friday, said Paul Rose, a spokesman for the SFMTA. As a precautionary measure, Cubic Transportation Systems, the company that operates Clipper cards, shut down the payment kiosks to prevent the malware from spreading, said Randy Rentschler, a spokesman for the Metropolitan Transportation Commission, which contracts with Cubic.
Similar to malware that can infect certain computer files, the ransomware must be “invited in” by someone on the network — presumably an unwitting employee who clicks a link in an email or on a website. Rose said that was the case on Friday.
It spread through the system’s Windows operating system, Rentschler said, though the SFMTA network team blocked it from spreading outside of Muni.
The agency was able to restore 75 percent of its infected workstations by Sunday night and on Monday were still working to restore the rest, Rose said. The attackers…