The infection impacted the servers of the Moscow Ropeway (MKD), a new agency set up to manage Moscow's re-built cable car line, a 720-meter long line that spans across the Moscow river and links the Luzhniki Olympic Complex and the observation platform on Sparrow Hills.
The infection took root on Wednesday, November 28, at around 14:00, local time, according to local news outlets, who first reported the incident [1, 2, 3], and Moscow's mayor.
MKD stopped all operations as soon as it realized what happened, bringing all 35 eight-seat cable cars to a halt. There were no reported injuries, and all cable cars were landed safely.
The agency's servers were subjected to a security audit yesterday, November 29, and the infection was removed. Cable car transports resumed today, according to a message posted on the MKD website.
Russian news sites also reported that authorities have identified the hacker who carried out the attack and that a criminal case was opened yesterday [1, 2, 3]. The hacker has not been arrested yet.
No details are known about the type of ransomware that infected the MKD's servers, or the size of the Bitcoin ransom demand.
This is not the first time that ransomware has interfered with a public transport system. An infection with the Mamba ransomware crippled public transportation in San Francisco in November 2016, and an infection with the SamSam ransomware impacted the Colorado Department of Transportation in February this year, an infection that eventually cost Colorado authorities $1.5 million to remove and clean.
Photos: Retro computer games that Eastern Europe played as Iron Curtain fell