I’m sorry to modify the home page, i’m good hacker, i I just want to help you fix these vulnerability. This is one of the loopholes, modify the home page....Technicians accessed the agency's system shortly thereafter to evaluate the extent of the attack's damage. It was around that same time that the criminals gained access to SacRT's virtual servers and erased some of their data. Fortunately, this action did not pass unnoticed by the entity's security systems. Chief Operating Officer Mark Lonergan said the Sacramento Regional Transit sprang into action:
We caught it early (Sunday) morning. We took all our systems offline. We are restoring everything now and bringing it up online.It also reached out to its Twitter followers notifying them of possible issues they might experience along their commute. https://twitter.com/RideSacRT/status/932295992682037248
Please be advised, SacRT has been the victim of a cyber ransom attack. Fortunately, the damage to our network was limited, and no personal data was compromised. This was only an attack on our business operations in an effort to extort money. SacRT’s IT team is working to restore the network, but the website will remain off-line until the entire system has been scrubbed for malware. As our IT team verifies applications and services are "safe" they will be brought back online. Connect Cards will continue to function on the system, but there will be no access to online accounts. The Customer Service Sales Center will be open for business, however credit card transactions are unavailable at this time. Light rail and bus operations have not been impacted, but passengers will be unable to retrieve schedule information until the website is brought back online. We thank you in advance for your patience as we work through this challenge.Since posting that statement, SacRT has reactivated its website, and it's brought both its Connect Card and financial application systems back online. The agency is now cooperating with the Department of Homeland Security on an investigation into this incident. SacRT isn't the first transit agency to experience a ransom-based attack. In November 2016, the San Francisco transport system suffered a ransomware attack that prevented it from charging commuters for riding its rail and bus lines. Given attackers' increasing focus on the transportation industry and other critical national infrastructure, it's important that organizations back up their data against destructive ransom-based attacks. They should also harden their networks by implementing foundational security controls. To learn how Tripwire's solutions can help your organization implement those security measures, click here.