The Sacramento Regional Transit (SacRT) public transportation agency was forced to shut down its website due to a security breach that took place on Saturday, November 18.
The shutdown happened after an unknown hacker had breached its server and defaced the agency's portal with a message that read:
The hacker also tried to extort the company for 1 Bitcoin, worth $7,000 over the weekend. When the extortion attempt failed, the hacker deleted around 30% of the files it found on SacRT's server.
According to Sacramento local press [1, 2, 3], SacRT's public transit operations were not affected by the incident, and the agency continued to operate through the downtime. Employees reverted back to using pen and paper to manage daily operations.
SacRT said it was working to restore the deleted files from backup and was expected to restore its site and adjacent systems by Tuesday. At the time of writing, the agency's website is still down.
One year ago, in November 2016, the San Francisco Municipal Railway public transportation system was hit with the HDDCryptor (Mamba) ransomware. Because the ransomware affected the San Francisco agency ticketing systems, locals were permitted to ride trains for free for a few hours.