The rail industry has not escaped the giant cyber-attack that has hit 150 countries and more than 200,000 computers since Friday. The ‘WannaCry’ ransomware virus takes control of users' files and demands $300 (£230) payments in the digital payment Bitcoin to restore access. Although BBC reports indicate that only about $38,000 (£29,400) had been paid into these accounts by this morning, it is likely to increase further as the weeks goes on. This is believed to be the biggest online extortion attack ever recorded, disrupting computers that run factories, banks, hospitals, corporations and government agencies around the world. Rail was also targeted with German rail operators Deutsche Bahn confirming it had been hit on Friday. With shocking pictures across social media (see above) showed a number of DB train information monitors in stations displaying the ransom demand to unlock the computers. It appears that Chinese and Russian state railways were also among those targeted.
International efforts are under way to track down the perpetrators behind a cyber-attack which has crossed national borders with the United Kingdom’s government health service, French car maker Renault, Portugal Telecom, the US delivery company FedEx, petrol stations in China, and a local authority in Sweden were also affected. According to Kaspersky Lab, a Russian antivirus company, it was Russia that has been “hardest hit” with the virus infecting more computers there than anywhere else.
In Germany infected Deutsche Bahn computers had the with the "ransomware" message demanding money appearing on screens at train stations in front of concerned passengers. A DB statement reporting that - “Due to a Trojan attack there are system failures in various areas."
Reports in Russia list the rail network alongside domestic banks, the interior and health ministries among those attacked. Similar stories in China also exist, though the government is notoriously secretive when it comes to public announcements on security.
The perpetrators remain unknown, with reports indicating the ransomware is believed to be linked to an exploit (a computer code that takes advantage of a computer vulnerability) known to have been found by the USA’s National Security Agency (NSA). Originally planned to have used to hack terrorist and criminal accounts, much like a virus in the original sense of the world, once escaped it can be hard to contain.
In November 2016, San Francisco's Municipal Transportation Agency (SFMTA) was the victim of a ransomware attack demanding a $73,000 ransom in order to inlock its work stations, ticket machines and computers.
If your rail or metro network has been the victim of WannaCry then contact us today - Editor@GlobalTransportForum.com
For more stories like this on transport security and the cyber-security threat to rail and metro read: