Hackers are holding San Francisco’s MUNI light-rail system for ransom

Andrew Liptak
Getty Images

San Francisco Municipal Railway riders got an unexpected surprise this weekend after the system's computerized fare systems were apparently hacked. According to the San Francisco Examiner, the MUNI system had been attacked on Friday afternoon.

MUNI riders were greeted with printed "Out of Service" and "Metro Free" signs on ticket machines on late on Friday and Saturday. MUNI first became aware of the intrusion on Friday, according to the Examiner.

Computer screens at MUNI stations displayed a message: "You Hacked, ALL Data Encrypted. Contact For Key( ,Enter."

Reached by email, the hacker confirmed he was seeking a deal with MUNI to undo the damage:

we don't attention to interview and propagate news ! our software working completely automatically and we don't have targeted attack to anywhere ! SFMTA network was Very Open and 2000 Server/PC infected by software ! so we are waiting for contact any responsible person in SFMTA but i think they don't want deal ! so we close this email tomorrow!

In September, Morphus Labs linked a hacker by the same name to a ransomware strain called Mamba, which employs tactics similar to those demonstrated against MUNI.

This isn't the first California organization to face such an issue: earlier this year, Hollywood Presbyterian Medical Center discovered that its files were being held for a $3.6 million ransom. Ransomware attacks typically occur when a malicious file is downloaded onto a computer and executed. Once a victim pays the demanded ransom, the files will be decrypted.

In a statement, San Francisco Municipal Transport Agency (SFMTA) spokesman Paul Rose said: "There has been no impact to transit service, to our safety systems or to our customer's personal information. The incident remains under investigation, so it wouldn't be appropriate to provide any additional details at this point."

Follow CNBC International on Twitter and Facebook.

- CNBC contributed to this report.