Muni subway ransomware attack: stopping ransomware dead in its tracks

News of a ransomware attack that cost the San Francisco Municipal Transportation Agency an estimated $50,000 in fare revenue over the weekend highlights the impact that ransomware can have on the systems and revenue streams of major institutions.

Because Muni officials had no way to tackle the ransomware, the only option the San Francisco Municipal Transportation Agency had was to leave the fare gates open for part of Friday and all of Saturday before reopening Sunday at 9 a.m. During that period, the agency lost $50,000 in fare revenue, but it said that its priority was the security and safety of its customers and employees, so leaving the fare gates open was the only option at the time.

According to the agency, the person responsible for the ransomware attack demanded 100 bitcoin ($73,000), but the agency has refrained from paying the ransom. Currently both the Department of Homeland Security and the FBI are working with the transit agency in investigating the cyber attack.

Researchers develop a way to stop ransomware

Ransomware – what hackers use to encrypt your computer files and demand money in exchange for freeing those contents – is an exploding global problem with few solutions, but a team of University of Florida researchers says it has developed a way to stop it dead in its tracks. The answer, they say, lies not in keeping it out of a computer but rather in confronting it once it’s there and, counterintuitively, actually letting it lock up a few files before clamping down on it.

The researchers describe their system as an early-warning system. It doesn’t prevent the ransomware from starting, but it does prevent the ransomware from completing its task. Victims therefore lose only a couple of pictures or a couple of documents rather than everything on their hard drive, which relieves them of the burden of having to pay the ransom.

The team calls its ransomware solution CryptoDrop. The team ran the detector against several hundred live ransomware samples, and it detected 100 per cent of them, doing so after only a median of 10 files were encrypted.

Further, CryptoDrop works seamlessly with antivirus software. The team currently has a functioning prototype that works with Windows-based systems and is seeking a partner to commercialize it and make it available publicly.