The San Fran Muni Ransomware Attack: What Really Happened and What We Learn from the Criminal Who Himself Got Hacked

Webinar Registration

Forget the ransom: ransomware is expensive no matter what. If you do pay the ransom, it's likely just a fraction of the overall cost. Take the recent hack of the San Francisco Municipal Transportation Agency (SFMTA). The attacker, operating under the pseudonym Andy Saolis, is nowhere close to the high end of sophistication, and while "he" failed to make SFMTA pay the ransom, the incident must be costly for SFMTA considering:

  • Time spent by IT and cyber security staff on assessment, tactical response, remediation and reporting
  • Time spent on the matter by management and PR-staff as well as lost productivity by non-IT staff
  • Hard cost of lost revenue. Some of the systems shut down as a precautionary measure included ticket machines. We don't know the exact figure, but considering that reports from earlier years put fare revenue at about $200 million a year, a few days of free rides adds up.
  • Companies usually hire cybersecurity experts in cases like this and that kind of consulting isn't cheap

And this is the cost of a failed ransomware attack where the victim was better prepared than many. According to SFMTA, the actual ticket machines weren't compromised but were shut down as a precautionary measure. In an ironic twist, the attacker was himself hacked. We learn a lot from this hack and the details made public from the criminal's email account. We'll see what his normal M.O. is, who he normally targets, what his range of extortion fees is, the technology he uses and much more.

SFMTA was better prepared than many but still not prepared well enough. Backups are the last-resort control for ransomware threats. Backups are neither a detective nor a preventive control.

Restoring from backups is a disaster-recovery control. Let's talk about how to stop things from reaching disaster level in the first place.

Among the different types of malware, ransomware is by far the easiest to detect if you have the right technology that knows what to look for. And ransomware like that used in this run-of-the-mill attack is also easy to prevent if you don’t allow your systems to execute every program that comes their way.

We will look at how User Entity Behavior Analysis can detect ransomware while it's still gaining a foothold on your network and before it reaches critical mass and encrypts the lion's share of your data or effectively denies service to mission-critical systems. UEBA is log monitoring on steroids, as you'll see from Exabeam. And we'll look at the key prevention technology that works against all types of malware, not just ransomware: application control. On the prevention side, application control is the technology whose time has come, as we'll see from HEAT Software.

Register for this real training for free event now!
