Ransomware Hackers Delete 30M Files From Sacramento Regional Transit

Millions of Files Deleted After Ransomware Hit

On the evening of November 18, 2017, the Sacramento Regional Transit systems were hit with ransomware.  The initial red flag was when the hackers defaced the Sacramento Regional Transit website.  According to the Sacramento Bee, when visitors would attempt to access the website, they would instead get a notification stating,

“I’m sorry to modify the home page, i’m good hacker, i I just want to help you fix these vulnerability. This is one of the loopholes, modify the home page …”

Just hours later, employees found transit files were being deleted in mass amounts.  By the time the systems were shut down, 30 million files had been deleted.  Hackers then demanded a $7,000 payment to stop the destruction of additional files.  However, instead of paying the ransom, the transit officials rebooted the systems which stopped further destruction.

Fortunately, the Sacramento Regional Transit backs up their files daily.  Therefore, they are able to replace all of the lost files.  Transit services were not disrupted during the ransomware attack, and it is not believed any of the files were taken by the hackers.

Other Attacks

To see a full list of ransomware attacks that have taken place this year, you can click here. We have also created a map, see below, of the ransomware attacks that have taken place in the U.S.

Stop Responding to Threats.
Prevent Them.

Want to get monthly tips & tricks?

Subscribe to our newsletter to get cybersecurity tips & tricks and stay up to date with the constantly evolving world of cybersecurity.

Related Articles