The ultimate end: The hacker of San Francisco MUNI gets hacked

San Francisco Municipal Transport Organization (MUNI) was breached and infected with ransomware last weekend by a hacker calling himself Andy Saolis.

Because of the attack, all passengers could ride the metro for free, and the hacker demanded a ransom of 100 Bitcoin ($ 73.000) to remove the malicious software, threatening to leak 30 GB of files containing customer information, contracts and employees.

And yet, it seems that Andy Saolis was not as careful as you would expect from a hacker. A security researcher has managed to break into his e-mail account and find information that will be useful during the investigation.

The blog Krebs On Security reports that the security researcher, who wanted to remain anonymous, was able to access the hacker's e-mail account just by guessing the answer to a secret question he was using. With a password reset, the researcher was able to take full control of the account.

A message found in the sent folder shows that the hacker actually contacted MUNI officials on 25 November to report the breach and ask for a ransom.

The message said:

"If you are in charge of MUNI-RAILWAY! All your Servers / Server in the MUNI-RAILWAY domain were encrypted with AES 2048Bit! We have 2000 decryption keys! Send 100BTC to my Bitcoin Wallet, and then we will send you the decryption key for all your disks and the server!!"

The messages in the hacker's mailbox showed that this hack was not his first. From other breaches and ransomware attacks, it appears that the hacker had received 140.000 dollars in Bitcoin.

It goes without saying that the account can be used by researchers to learn the real identity of Andy Saolis, and the KrebsOnSecurity blog notes that there are some emails from hosting providers. The passwords for some of the hacker's hosting accounts were saved in plain text, so access to these servers is also possible.

Meanwhile, MUNI claims it has removed the malware from its systems and that its data is safe, despite Andy Saolis's claims that he had 30 GB of files in his hands.

The author allows you to copy his / her text only if you cite the source (SecNews.gr) with an electronic address (live URL) of the article.