The hacker who hacked San Francisco mass transit got hacked himself

Over the weekend, San Francisco’s bus and trolley system, called Muni by locals, got hacked with ransomware

Muni computer screens read “You are Hacked. ALL Data Encrypted.”

Someone got into Muni’s computer system and threatened to lock its administrators out until they paid 100 bitcoin, or about $73,000, to the ransomer. Muni had to make all rides free on Saturday, although most systems are back in working order. 

The hacker is threatening to release 30 gigabytes of internal Muni data, however.

But in a stroke of irony, it turns out the person who hacked Muni ended up getting hacked himself, Brian Krebs reported on Tuesday morning. 

The ransom note had an email address ([email protected]) for Muni administrators to contact in order to arrange the payment. A security researcher was able to get access to that email inbox by guessing the answer to the hacker’s secret question, and leaked the inbox to Krebs. 

The stolen emails seen by Krebs even show the hacker had pulled off successful ransom heists before, at one point extorting about $45,000 from a U.S.-based manufacturing firm.

Other bitcoin wallets in the emails suggest the hacker had collected at least $140,000. The hacker had tried to extort several manufacturing and construction firms in the United States. 

The number could be higher because the hacker used several email addresses, some of which were not accessible. Krebs suggests the hacker may be from Iran.

If you’re worried about ransomware, you should make sure your systems are regularly backed up, and your backups are not on the same network as the systems they’re backing up. Here are some additional FBI recommendations about how to best deal with ransomware

The entire Krebs report is fantastic and worth a read as one of the best looks into this shadowy corner of the internet available today.

NOW WATCH: Here’s what happens when you block someone on your iPhone

Business Insider Emails & Alerts

Site highlights each day to your inbox.

Follow Business Insider Australia on Facebook, Twitter, LinkedIn, and Instagram.