Name That Domain: Metrorail System Held Hostage by Ransomware

Name That Domain: Metrorail System Held Hostage by Ransomware 864 486 CyberVista now N2K

This post is part of a series in which we pull security stories right from the headlines and discuss their relevance to the eight domains of the CISSP® exam. Read the previous post in this series here.

Down the Wrong Track

On Black Friday, San Francisco’s public metrorail riders were treated to an early holiday gift: free rides. The metrorail system – known as the “Muni” system – was locked down by a hacker (or team of hackers) who has yet to be identified. As a result of the hack, computer terminals were unusable, email servers became inaccessible, and monitors in station agent booths displayed a ransom message demanding 100 bitcoins (Some $73,000 USD) to restore service. From Friday to Sunday over the Thanksgiving weekend, trains carried passengers for free as the Muni system took their payment machines offline as a precautionary measure.
The San Francisco Municipal Transportation Agency worked to manually restore the affected computers, completing their task in time for the Monday morning commute and without paying the ransom. Having existing backup systems – as well as a capable IT team – meant that the Muni system could recover from the attack quickly. A representative from the agency stated, “We never even considered paying the ransom…”

Domain 8, Software Development Security

You will find information about ransomware attacks in Domain 8 of the CISSP® Exam, which covers software security. Ransomware is a special type of software that attempts to extort money out of its victims by holding their data hostage. Ransomware encrypts the victim’s data until a payment is made to the hacker. Today’s hackers preferred payment method is Bitcoin, an anonymous cryptocurrency. Once payment is complete, the hacker will reveal the secret key which can be used to decrypt the system or data.
In 2015, ransomware cost U.S. companies and individuals $1.6 million. This year, ransomware was responsible for a $209 million loss for U.S. companies, in just three months. The FBI estimates ransomware to be a $1 billion industry for hackers in 2016.
Ransomware usually infects a system through user error. As most CISSPs know, spearfishing emails are often used by cyber criminals to establish a foothold in victims’ networks. If an unsuspecting user opens a malicious link, then attackers are able to install malware such as ransomware. Organizations should train their employees to exercise data handling best practices and safe browsing behavior.  
There can be multiple consequences of noncompliance with a hacker’s demands. Hackers can continue to make the data unavailable indefinitely, destroy the data, or, if it’s sensitive information, they can release it to the public, or sell it on the blackmarket.

The Report on Public Transport

While the Muni system suffered only a weekend of lost revenue, IT security vulnerabilities are widespread in the nation’s public transportation systems and have the potential to do a lot of damage. Experts point to the industry’s aging, underfunded, and poorly maintained infrastructure as the primary cause for concern. Ransomware attacks, such as the one that temporarily crippled the Muni, are just the beginning: attackers could steal customer data, overwrite the system’s control software, or even cause physical damage.   
Companies can mitigate the risk of ransomware by implementing and maintaining proper anti-virus and anti-malware software, along with employee awareness training.
As a CISSP® (or even as you train to take the exam), you will have the technical knowledge to understand the complexities behind the headlines. Stay tuned for the next installment of “Name that Domain.”