San Francisco's Light Rail system is the latest high profile example of a business falling victim to ransomware. Over the weekend the city owned transport company apparently lost control of its billing system, resulting in free rides for passengers.
How deep into the organisation the hack goes isn't known, with the Municipal Railway not commenting on the incident as yet. However the person responsible told The Verge that the company's network was "very open". That would suggest that everything from the staff payroll to routing systems and signal controls could be exposed. A far more scary prospect than the loss of a few fares.
Whilst San Francisco works to retrieve the situation it finds itself in, other companies who have failed to need the warnings of dozens of other high profile hacks need to get their heads down and address the weaknesses in their systems.
For some that will mean verifying that their existing controls are still robust and the assumptions around deploying them still valid. For others there will be an urgent need to complete exhaustive and lengthy review of the protections currently in place. There is also a group who need to pull the plug on their internet connectivity and address significant gaps in their solutions.
It sounds like SFMTA was in that latter group. It's too late for them, hopefully others will take this incident onboard and take some preventative measures.