Follow Us on WhatsApp | Telegram | Google News

San Francisco Rail System Hacker Hacked

Table of Contents
On Friday, San Francisco Municipal Transportation Agency's system were compromised by an unknown hacker and infected with ransomware. Hacker displayed a following message - " You Hacked. All your data are Encrypted" on every station terminals.

Hacker have demanded 100BTC for the private key, by which all Encrypted files can be open.

On Friday, The San Francisco Examiner reported that riders of SFMTA’s Municipal Rail or “Muni” system were greeted with handmade “Out of Service” and “Metro Free” signs on station ticket machines. The computer terminals at all Muni locations carried the “hacked” message: “Contact for key ([email protected]),” the message read.

But here a tweaks comes.....! Hackers who hacked SFMTA's system have himself got hacked.

Popular cyber security expert and
journalist blog KerbsonSecurity  have reported that an unknown security researcher have hacked the SFMTA hacker's email account.

The researcher, who has asked to remain anonymous, said he compromised the extortionist’s inbox by guessing the answer to his secret question, which then allowed him to reset the attacker’s email password. A screen shot of the user profile page for [email protected] shows that it was tied to a backup email address, [email protected], which also was protected by the same secret question and answer.

Research said that, Hacker frequently change his Bitcoin address and Bitcoin wallets every few days or weeks. “For security reasons” he explained to some victims who took several days to decide whether to pay the ransom they’d been demanded. A review of more than a dozen Bitcoin wallets this criminal has used since August indicates that he has successfully extorted at least $140,000 in Bitcoin from victim organizations.

Researchers said he tried to hack another email of hacker, [email protected],” and that this email address is tied to many search results for tech help forum postings from people victimized by a strain of ransomware known as Mamba.

Kerbs mentioned that 
Messages sent to the attacker’s [email protected] account show a financial relationship with at least two different hosting providers. The credentials needed to manage one of those servers were also included in the attacker’s inbox in plain text, and my source shared multiple files from that server.
Source: KerbsonSecurity
Read Also
1 comment
  1. Blogger
    If you're searching for the #1 Bitcoin ad network, visit MellowAds.