Cyber criminals have reportedly compromised the corporate IT system of the Sacramento Regional Transit District (SacRT), deleting internal operations data. SacRT is the sole operator of local public bus and tram services in the Sacramento area of California, but reports suggest services were unaffected by the breach.
The attack began when hackers defaced SacRT’s website, stating that they were “good hackers” seeking to help the organisation fix website vulnerabilities and requested SacRT contact them. When contacted, the attackers said they had access to corporate systems and demanded $7000 worth of Bitcoin be paid to prevent deletion of data. SacRT refused to pay the ransom resulting in approximately 30% of its data being deleted. This affected the organisation’s internal operations including the ability to dispatch employees and assign buses to routes.
SacRT was able to make use of backups to restore the deleted data. The organisation also took down its website and shut down systems used to process credit card payments as a precaution. Passengers were still able to pay fares using cash and through SacRT’s mobile app that is hosted separately on a cloud-based system. It is reported that customer data was unaffected by the breach and that no data was stolen.
This incident demonstrates how quickly cyber attacks can escalate. It is important to maintain secure backups of business critical data to ensure organisations are able to recover from a range of incidents including a data deletion attack or ransomware.