The secure Sacramento Regional Transit website was still down Tuesday morning, the result of a weekend hack in which ransom reportedly was demanded in the form of bitcoin.
The agency said in a Facebook post that it was working with the federal Department of Homeland Security to resolve the cyberattack.
“Fortunately, the damage to our network was limited, and no personal data was compromised,” SacRT said in its social media post. “This was only an attack on our business operations in an effort to extort money. SacRT’s IT team is working to restore the network, but the website will remain off-line until the entire system has been scrubbed for malware. As our IT team verifies applications and services are ‘safe’ they will be brought back online. ... Light rail and bus operations have not been impacted, but passengers will be unable to retrieve schedule information until the website is brought back online. We thank you in advance for your patience as we work through this challenge.”
The Sacramento Bee reported: “The hackers announced their presence on Saturday when they ‘defaced’ the agency’s main webpage, putting up a note saying, ‘I’m sorry to modify the home page, i’m good hacker, i I just want to help you fix these vulnerability. This is one of the loopholes, modify the home page ...’
That message turned out to be a trap, SacRT Chief Operating Officer Mark Lonergan told The Bee. When technicians went into the SacRT system to check out the damage, it unleashed the attack Sunday morning that erased the virtual servers.
The hacker or hackers sent a Facebook message to SacRT Sunday morning demanding one bitcoin, currency whose worth soared above $8,000 on Monday. SacRT did not respond to that demand.
Lonergan said light rail and buses continue to run on a normal schedule. The trains and buses are run under control of an operator, with minimal automation, he said.
He said technicians estimate it could be several days before the agency’s system is fully restored. The agency then plans to bring in an expert “to review our vulnerabilities and make this less likely to happen again,” Lonergan said.
Some functions were available on the website today.
