Ransomware Hackers Delete 30M Files From Sacramento Regional Transit

Millions of Files Deleted After Ransomware Hit

On the evening of November 18, 2017, the Sacramento Regional Transit systems were hit with ransomware.  The initial red flag was when the hackers defaced the Sacramento Regional Transit website.  According to the Sacramento Bee, when visitors would attempt to access the website, they would instead get a notification stating,

“I’m sorry to modify the home page, i’m good hacker, i I just want to help you fix these vulnerability. This is one of the loopholes, modify the home page …”

Just hours later, employees found transit files were being deleted in mass amounts.  By the time the systems were shut down, 30 million files had been deleted.  Hackers then demanded a $7,000 payment to stop the destruction of additional files.  However, instead of paying the ransom, the transit officials rebooted the systems which stopped further destruction.

Fortunately, the Sacramento Regional Transit backs up their files daily.  Therefore, they are able to replace all of the lost files.  Transit services were not disrupted during the ransomware attack, and it is not believed any of the files were taken by the hackers.

Other Attacks

To see a full list of ransomware attacks that have taken place this year, you can click here. We have also created a map, see below, of the ransomware attacks that have taken place in the U.S.

(Visited 40 times, 1 visits today)

One thought on “Ransomware Hackers Delete 30M Files From Sacramento Regional Transit

  1. Ransomware infections have gotten absolutely out of hand. But, you’ve got to give kudos to the kid for having the guts to do something like this. “I’m a good hacker” Wow.

Leave a Reply

Your email address will not be published. Required fields are marked *