INCIDENT: San Francisco Municipal Transportation Agency Hit by Ransomware

During the Thanksgiving weekend, the San Francisco Municipal Transportation Agency, sometimes called Muni or SFMTA, was the victim of a ransomware attack that affected internal computer systems including email and ticketing. It used backup data to restore most of the affected system in the next few days, minimizing the attack's impact. The hacker's goal was to extort 100 bitcoins ($73,000) from the SFMTA for the release of its systems. SFMTA denied paying the ransom and restored its systems on its own. It reportedly lost up to $50,000 in uncollected fees by the time systems recovered from the attack.

Incident Date

November 26, 2016


United States

Estimated Cost


Type of Malware:

No Malware identified

Threat Source:

No threat source identified


  • The San Francisco Public Transit Ransomware Attack: What We’ve Learned
  • Ransomware Crooks Demand $70,000 After Hacking San Francisco Transport System



Pin It on Pinterest

Scroll to Top
Scroll to Top