I love how San Francisco’s metro system responded to its ransomware attacker

“Considering paying was never an option.”

Graham Cluley
Graham Cluley
@[email protected]
Backups - the best defence against ransomware (and other risks) | Graham Cluley

After the ransomware attack that messed up the San Francisco Muni Metro’s ticketing machines last weekend, things got back up and running again pretty quickly.

As SF Gate reports, Muni refused to negotiate with their attacker, preferring to restore from a backup instead:

For all Muni Metro passengers knew, the free rides they were getting Friday night and Saturday were a holiday gift from the transit system. Little did they know Muni was under attack from a hacker trying to squeeze $73,000 in ransom to unlock the agency’s computer systems.

Sign up to our free newsletter.
Security news, advice, and tips.

Muni refused to pay up. Instead, officials shut down the system’s ticket machines, threw open the fare gates as a precautionary move, and contacted the Department of Homeland Security and their own technology division to contain the attack, they said.

“Considering paying that ransom was never an option,” said Paul Rose, an MTA spokesman.

Ransomware message

If you have a secure backup, and if you have the systems in place to restore that backup in a safe, prompt fashion, then you shouldn’t need to ever consider paying the criminal who is attempting to extort money from you.

Of course, you need to make sure that you keep your backup safe. It may be that you wish to keep it at a different physical location, and you definitely don’t want to risk letting a ransomware infection hit your backup as well as your regular computers.

And remember this, as I explain in my video, ransomware isn’t the only reason you should have backups. Backups save your bacon when your hard drives fail, if you accidentally delete your important files, if your computer is stolen or lost, or if there your premises suffer a fire, flood or coffee spill.

Backups make sense. Sensible people make backups.

Found this article interesting? Follow Graham Cluley on Twitter, Mastodon, or Threads to read more of the exclusive content we post.

Graham Cluley is a veteran of the cybersecurity industry, having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent analyst, he regularly makes media appearances and is an international public speaker on the topic of cybersecurity, hackers, and online privacy. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

2 comments on “I love how San Francisco’s metro system responded to its ransomware attacker”

  1. Matthew Johnson

    He is right, of course. Backups are important. SECURE backups! Now I wish software companies would make backup software flexible enough to do all he describes and work with multiple partitions and virtual machines!

  2. coyote

    'Backups make sense. Sensible people make backups.'

    Therein lies the problem: most people aren't sensible.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.