Millions of Files Deleted After Ransomware Hit
On the evening of November 18, 2017, the Sacramento Regional Transit systems were hit with ransomware. The initial red flag was when the hackers defaced the Sacramento Regional Transit website. According to the Sacramento Bee, when visitors would attempt to access the website, they would instead get a notification stating,
“I’m sorry to modify the home page, i’m good hacker, i I just want to help you fix these vulnerability. This is one of the loopholes, modify the home page …”
Just hours later, employees found transit files were being deleted in mass amounts. By the time the systems were shut down, 30 million files had been deleted. Hackers then demanded a $7,000 payment to stop the destruction of additional files. However, instead of paying the ransom, the transit officials rebooted the systems which stopped further destruction.
Fortunately, the Sacramento Regional Transit backs up their files daily. Therefore, they are able to replace all of the lost files. Transit services were not disrupted during the ransomware attack, and it is not believed any of the files were taken by the hackers.
To see a full list of ransomware attacks that have taken place this year, you can click here. We have also created a map, see below, of the ransomware attacks that have taken place in the U.S.