The most concerning thing revealed so far about the cybercriminal attack on the San Francisco light rail system at the Thanksgiving weekend was that the virus was able to infect so much of the system, said cybersecurity experts.
Earlier reports said ransomware traveled from San Francisco Municipal Transportation Agency PC computers through the network to ticketing booths and forced the agency to temporarily run its service for free.
But according to an update from the San Francisco Metropolitan Transportation Authority said late on Monday, ticketing was not affected.
"The SFMTA network was not breached from the outside, nor did hackers gain entry through our firewalls," the authority said in a statement. "Muni operations and safety were not affected. Our customer payment systems were not hacked. Also, despite media reports - no data was accessed from any of our servers."
Speaking before the SFMTA statement, which gave more detail than previous statements on the nature of the attack, cybersecurity experts said the nature of the attack could possibly be a warning sign for other transport networks.
"There should be controls in place to segregate networks in such a way that these machines aren't connected with those that could infect them," said Tim Erlin, senior director, product management at cybersecurity company Tripwire.
Many other transportation networks are likely be vulnerable the same sort of attack, since the ransomware used attacks Microsoft Windows-based computers with outdated software, said Ed Cabrera, chief cybersecurity officer at TrendMicro.
The use of this strain of ransomware has spiked in recent weeks, security researchers said.