They used use the address Cryptom27@yandex.com. The malware in use was HDDCryptor Hackers declared they used software working completely automatically in untargeted attack.”It not only targets resources in network shares such as drives, folders, files, printers, and serial ports via Server Message Block (SMB), but also locks the drive”, Trend Micro researchers Stephen Hilt and William Gamazo Sanchez explained. The 2000 Server/PC of SFMTA was infected but Muni’s systems appear to have been cleaned. “There’s no impact to the transit service, but we have opened the fare gates as a precaution to minimize customer impact,” Muni spokesperson Paul Rose told to the media. Ransomware became a practice: in September, one of the malware operators, using the email address firstname.lastname@example.org, had acquired four payments of between $600 and $700.