Ransomware security attacks hit the San Francisco Municipal Transportation Agency, known as Muni, over Thanksgiving weekend, when a hacker got into Muni’s Metro rail ticketing and email system.

On Friday, Nov. 25, Metro light rail train riders were faced with a ticketing screen that read “You Hacked, ALL Data Encrypted.” As a precaution, the agency turned off its ticket vending machines and fare gates and gave light rail riders free trips on Friday evening and Saturday. The ticketing and email networks were separate from the train control and safety systems, and other parts of the Muni system operated normally. According to the Wall Street Journal, security experts believe this is the first successful ransomware attack against a transit agency.

Fortunately the agency had a backup, and the internal IT team was able to restore the system by Sunday. The hacker had demanded payment of 100 Bitcoins, worth about $73,000, as reported by the San Francisco Examiner. The agency did not consider paying the ransom.

Ransomware Security Attacks Big Business

This ransomware attack was the latest incident in which a hacker was able to lock up a computer network and demand payment for the key. The FBI has predicted that ransomware will be a $1 billion cybercriminal business, as hackers increasingly exploit vulnerabilities in networks.

Although organizations under attack may feel like they’ve been specifically targeted, that’s usually not the case. Hackers frequently have many different phishing operations, and the attack begins once an employee clicks on a malicious link or email attachment, giving the hacker free run of the system.

According to Reuters, the FBI reported that ransomware victims paid $209 million in the first three months of 2016, up from $24 million for all of 2015. However, network downtime and the loss of productivity is typically a higher cost than the ransom demand. For example, the Wall Street Journal reported that the San Francisco Muni attack also disrupted 900 of the agency’s workstations, which prevented employees from accessing email and the payroll system, forcing them to manually log working hours. Overall, 72 percent of infected business users reported that they couldn’t access data for at least 48 hours following a ransomware outbreak, and 32 percent were locked out for five days or more.

Key Security Steps

As transportation and government systems become more interconnected, they also become more vulnerable to security attacks. In order to reduce exposure to ransomware, the transportation industry should take the following steps:

  1. Train employees to be suspicious of emails with links and attachments and to flag any emails that seem strange.
  2. Create secure, off-site, real-time backups that allow for mass file restoration.
  3. Develop a centralized patch management system to update all operating systems, software and firmware as vulnerabilities are discovered.

It only takes one click on the wrong link in an email to open the doors to security attacks that could cost an organization thousands or millions in lost business and productivity. But implementing the appropriate security precautions will protect your organization from ransomware and ensure the safety of your data.

With ransomware attacks becoming increasingly common across industries, follow these steps to protect your business.