The Sacramento Regional Transit (SacRT) public transportation agency was forced to shut down its website due to a security breach that took place on Saturday, November 18.

The shutdown happened after an unknown hacker had breached its server and defaced the agency's portal with a message that read:

I'm sorry to modify the home page,i'm good hacker,i I just want to help you fix these vulnerability
This is one of the loopholes, modify the home page is to let you know there are loopholes, Not just this one loophole!
It's Very Dangerous!!please contact me as soon as possible
Please contact me email to help you fix these vulnerability:)
nesddjerfn@protonmail.com

SacRT defaced homepage

The hacker also tried to extort the company for 1 Bitcoin, worth $7,000 over the weekend. When the extortion attempt failed, the hacker deleted around 30% of the files it found on SacRT's server.

Sacramento public transport not affected in any way

According to Sacramento local press [1, 2, 3], SacRT's public transit operations were not affected by the incident, and the agency continued to operate through the downtime. Employees reverted back to using pen and paper to manage daily operations.

SacRT said it was working to restore the deleted files from backup and was expected to restore its site and adjacent systems by Tuesday. At the time of writing, the agency's website is still down.

One year ago, in November 2016, the San Francisco Municipal Railway public transportation system was hit with the HDDCryptor (Mamba) ransomware. Because the ransomware affected the San Francisco agency ticketing systems, locals were permitted to ride trains for free for a few hours.

Related Articles:

Mongo Lock Attack Ransoming Deleted MongoDB Databases

5 Examples of How Cheating in Fortnite Gets You Infected

Kraken Group Puts MongoDB Hijacking Script Up for Sale

California Voter Database Compromised in MongoDB Incident

Unsecured ElasticSearch Server Exposed Data on 1,133 NFL Players