A cyberattack suffered by the Sacramento Regional Transit District over the weekend erased millions of files from its computers and curbed operations within California’s capital city.
The website for Sacramento Regional Transit (SacRT) remained offline Tuesday morning after it was hacked three days earlier as part of a multi-pronged attack that briefly sidelined internal operations and limited riders from using their credit cards to purchase fares.
The agency said it first learned its website was breached after it was defaced to display a message Saturday reading: “I’m sorry to modify the home page, i’m good hacker, i I just want to help you fix these vulnerability.”
SacRT’s technicians subsequently checked the system for damages and realized its data was being erased in droves, according to Mark Lonergan, the agency’s deputy general manager.
“We actually had the hackers get into our system and systematically start erasing programs and data,” Mr. Lonergan told Sacramento’s CBS13.
No personal data was compromised, according to the SacRT, but the attack erased about 30 million files and forced the agency to take several of its computer systems offline, the CBS affiliate reported.
The outages affected the agency’s ability to dispatch employees and assign buses for routes, and prevented riders from using credit cards to add funds to their pre-paid Connect Cards, The Sacramento Bee reported.
The hacker or hackers responsible sent SacRT a Facebook message Sunday morning threatening to keep attacking unless paid a ransom in Bitcoin worth about $8,000, but the agency was already aware of the scope of the assault and ignored the demand, Mr. Lonergan told The Bee.
“This was only an attack on our business operations in an effort to extort money,” SacRT said in a statement Monday.
SacRT’s Connect Card system and internal financial application system were back online and fully operational as of Monday evening, “but passengers will be unable to retrieve schedule information until the website is brought back online,” the agency said on Facebook.
“SacRT staff is working with the Department of Homeland Security on the investigation,” the agency said.
The DHS working with Sacramento Regional Transit to protect their system and mitigate any effects, an official told The Washington Times
The San Francisco Municipal Railroad, “Muni,” was similarly affected last November after hundreds of its computers were infected with ransomware, a strain of malicious software that typically encrypts vulnerable computer systems and holds their data hostage until the perpetrators are paid.
Muni “never considered paying the ransom,” the agency said at the time, and instead it decided to turn off ticket machines and fare gates to let customers ride for free and “to minimize any potential risk or inconvenience.”
• Andrew Blake can be reached at ablake@washingtontimes.com.
Please read our comment policy before commenting.