On Friday afternoon, the day after Thanksgiving, the San Francisco Muni fare system was hit with a ransomware attack. The hackers demanded 100 Bitcoin, or approximately $74,000. The attack infected over 2,000 computers, including office desktops, emails, print servers, payroll systems and more, all of which displayed “You Hacked, ALL Data Encrypted” on their monitors.
The software used to hijack the computers is known as Mamba. It affects Windows machines by encrypting their hard drives, which stay locked until a certain password is entered. Security experts say that the hackers used an automated system to send victims links to malware or to lure them to a malicious website.
References: Hackers Breached San Francisco’s Transit System and Demanded a Ransom | San Francisco Public Transit Hit With Ransomware Attack | Hackers Threaten to Release 30GB of Stolen Data From San Francisco's Municipal Railway
The Mirai worm is widely known and is affecting many internet service providers around the globe. It has recently affected customers of TalkTalk. It was revealed that D-Link DSL-3780 routers have been affected by the malware, which is causing them problems connecting to the internet. To mitigate the issue, affected users are advised to reset the equipment, which forces it to install an update that protects against the attack, and to use the default wireless network name and password to get back online.
However, a security researcher has discovered that there is a follow-up attack by the same malware causing the router to disclose its Wi-Fi password and Service Set Identifier (SSID) code, potentially affecting approximately 55,000 routers. This means that even after users reset their routers, they are still at risk if they continue to use the same password as before.
TalkTalk is advising its customers to change their Wi-Fi passwords.
References: TalkTalk Wi-Fi Router Passwords 'Stolen' | TalkTalk Denies Customers' WiFi Passwords Were Stolen in Cyber Attack After Malware Blocks Users' Internet | TalkTalk and Post Office Customers Lose Internet Access as Routers Hijacked
*IP addresses provided by Recorded Future.