Who's Next, After San Francisco's Public Transit System Got Hacked?

When you think of cyber attacks, the last place you think of may be the ticket booth at the subway station.

Despite this, our infrastructure is still incredibly vulnerable, according to experts. And the threat is real — spanning from hospitals and police stations to corporate America.

"We haven’t seen a system that has proven to be immune or bulletproof at this point," Alex Rice, chief technology officer and co-founder of HackerOne, a bug bounty platform, told NBC News.

The Rise of Ransomware

The threat is so pervasive that the FBI even issued a warning in April, saying "Ransomware attacks are not only proliferating, they’re becoming more sophisticated."

The San Francisco Municipal Transportation Agency was the latest high-profile victim, when its computer systems were targeted by ransomware on Friday. Ransomware is a type of malware that holds computer files hostage, essentially rendering them useless until a payment is made to the attackers.

Computer terminals in some Muni stations carried a message saying, "You Hacked."

As a result, commuters were treated to an early holiday gift with free rides for part of the weekend after transit officials decided to turn off ticketing booths and open up the turnstiles as a precaution. San Francisco MTA spokeswoman Kristen Holland said that while the hack didn't impact customer data, the MTA took the extra measures until they knew for sure that customer data hadn't been breached.

It caused a headache in the office, though, impacting 900 computers and the payroll system, according to Holland's updates.

Despite reports that the hacker or hackers demanded a ransom of 100 Bitcoin ($73,000), Holland said SFMTA never even considered paying it. The FBI advises against paying ransoms for fear it could embolden hackers and fund illicit activities.

Most computers were "up and running" Monday morning, Holland said, adding that "our information technology team anticipates having the remaining computers functional in the next day or two."

Who Is Behind the Attack?

How a hacker or group got into the SFMTA system or who is behind the attack remains unclear. A person or group claiming to be behind the attack has communicated with several media organizations, sending messages in broken English.

The alleged culprit also apparently received a taste of his or her own medicine when they were hacked, according to KrebsOnSecurity. Emails in the hacked inbox reportedly left a trail to other alleged victims.

In the case of SFMTA, the ransomware mostly encrypted data from office computers, as well as access to various systems, Holland said. "However, the SFMTA network was not breached from the outside, nor did hackers gain entry through our firewalls. Muni operations and safety were not affected."

Interrupting a major transit system for a weekend is no small feat, but San Francisco MTA has come out relatively unscathed compared to other organizations that have been targeted.

Hackers launching ransomware attacks tend to go after "low-hanging fruit, which is why you usually see smaller organizations impacted by this," Rice said.

Allan Liska, analyst at threat intelligence firm Recorded Future and author of "Ransomware: Defending Against Digital Extortion," told NBC News that having a good backup is key for cities, organizations, and individuals faced with a ransomware attack.

"Unfortunately, finding that out [once] you have a ransomware attack is the wrong time," he said. "If you’re keeping a good backup, you wipe the system, reinstall the operating system, and then restore the backup."

Some of our aging infrastructure exists on isolated, old-school technology platforms. While they're still hackable, Liska said they're largely immune to the threat of ransomware.

But as more of that infrastructure moves onto 4G networks, it becomes more visible to hackers looking to take advantage.

How Ransomware Can Hold an Organization Hostage

Since 2013, hackers have hit police departments in at least seven states, holding their files hostage and destroying them if a ransom isn't paid. Some departments have paid and received decryption keys, allowing them to get their files back. Others have paid the price by losing valuable data.

"The inability to access the important data these kinds of organizations keep can be catastrophic in terms of the loss of sensitive or proprietary information, the disruption to regular operations, financial losses incurred to restore systems and files, and the potential harm to an organization’s reputation," the FBI said in its April warning.

The Institute For Critical Infrastructure Technology echoed that, warning 2016 would be "the year ransomware holds America hostage."

"Ransomware is less about technological sophistication and more about exploitation of the human element," the report said. "Simply, it is a digital spin on a centuries-old criminal tactic."