Ransomware attack affects Moscow’s New Cable Car System a few days after it opened
The first cable car service opened in Moscow recently, with free rides promised to the public in the first month after its launch. However, a few days after the service started, a hacker infected the computer systems of the newly launched cable car system with ransomware. The hacker then demanded a ransom payment in bitcoins for decrypting the files that were needed to get the cable car back into operation.
According to an agency interlocutor, "a message was received from an unknown person on the head computer of the Moscow Cable Cars operating company requesting to transfer bitcoins to him in exchange for decrypting all the electronic files of the computer that is responsible for the cable car operation".
According to a report by The Moscow Times, police officers had to explain to the eager passengers waiting for a free ride that the cable car operation had been stopped for technical reasons. "A video on the Rossiiskaya Gazeta government daily's website showed a police officer telling people waiting in line that the cable car would not reopen for technical reasons."
The infection affected servers of MKD (Moscow Ropeway), a new agency set up to manage Moscow's rebuilt cable car line. The line is 720 meters long, spans the Moscow River, and connects the Luzhniki Olympic Complex to the Sparrow Hills observation platform.
According to Moscow's Mayor and local news outlets, who were the first to report the incident, the cable car system was infected on November 28, 2018, at around 14:00 hours (Moscow local time).
Moscow Ropeway stopped all its operations immediately after realizing that its computer system had been infected by ransomware, halting all 35 eight-seat cable cars. No injuries were reported, and all the cable cars landed safely. On November 29, 2018, the agency's servers went through a security audit and the infection was safely removed. According to a message posted on the MKD website, cable car service resumed on November 30, 2018.
The type of ransomware that infected the MKD servers is still not known. According to Russian news sites, the authorities have identified the person behind the attack, but no arrest has been made yet.
» SPAMfighter News - 12/17/2018