San Francisco Rail System Hacker Hacked

On Friday, the San Francisco Municipal Transportation Agency's systems were compromised by an unknown hacker and infected with ransomware. The hacker displayed the following message on every station terminal: "You Hacked. All your data are Encrypted".

The hacker has demanded 100 BTC for the private key with which all the encrypted files can be opened.

On Friday, The San Francisco Examiner reported that riders of SFMTA’s Municipal Rail or “Muni” system were greeted with handmade “Out of Service” and “Metro Free” signs on station ticket machines. The computer terminals at all Muni locations carried the “hacked” message: “Contact for key (cryptom27@yandex.com),” the message read.

But here comes the twist: the hacker who hacked SFMTA's systems has himself been hacked.

The popular cybersecurity expert and journalist blog KrebsOnSecurity has reported that an unknown security researcher hacked the SFMTA hacker's email account.

The researcher, who has asked to remain anonymous, said he compromised the extortionist’s inbox by guessing the answer to his secret question, which then allowed him to reset the attacker’s email password. A screen shot of the user profile page for cryptom27@yandex.com shows that it was tied to a backup email address, cryptom2016@yandex.com, which also was protected by the same secret question and answer.

The researcher said that the hacker changes his Bitcoin address and Bitcoin wallets every few days or weeks, “for security reasons,” as he explained to some victims who took several days to decide whether to pay the ransom demanded of them. A review of more than a dozen Bitcoin wallets this criminal has used since August indicates that he has successfully extorted at least $140,000 in Bitcoin from victim organizations.

The researcher said he tried to hack another of the hacker's email addresses, w889901665@yandex.com, and that this email address is tied to many search results for tech help forum postings from people victimized by a strain of ransomware known as Mamba.

Krebs mentioned that:
Messages sent to the attacker’s cryptom2016@yandex.com account show a financial relationship with at least two different hosting providers. The credentials needed to manage one of those servers were also included in the attacker’s inbox in plain text, and my source shared multiple files from that server.

Source: KrebsOnSecurity