Late on November 25th, the San Francisco Municipal Transportation Agency (SFMTA), which operates the municipal rail system in San Francisco, referred to as “Muni” was hacked when an SFMTA employee unwittingly clicked on a link in a phishing email and downloaded ransomware that locked and encrypted all of the SFMTA computer systems.  The hacker, who is thought to be Iranian, demanded a ransom of 100 bitcoins which is approximately $73,000 or he would destroy the data.  The SFMTA is refusing to pay the ransom and has indicated that it has backed up the encrypted data which, it says will be restored shortly.

Meanwhile, according to security research Brian Krebs, a white hat hacker hacked into the email of the original hacker and managed to take over the original extortionist’s email account by answering the extortionists security question.  The email account provided evidence that the hacker had been active in installing ransomware and obtaining ransom payments from numerous companies.


There are a number of lessons for all of us as individuals to learn from this incident.  First and foremost is to install and maintain good security software including software that will help defend you against phishing emails.  However, no security software is totally effective against phishing emails, so you never click on links in any email unless you have absolutely confirmed that the email is legitimate.  Second, you should back up all of your data either in the cloud or on a portable USB hard drive to protect yourself from the danger of ransomware. Finally, in regard to security questions, which when answered give someone the ability to change your password, you should use a nonsensical answer to the question so it cannot be guessed or obtained through research about you.  For instance, if the question is what is your mother’s maiden name, you might make the answer “firetruck.”  You will remember it because it is so silly, but no one will be able to guess it by going through online data bases or social media.