MANILA, Philippines – Hackers attacked the computers of the San Francisco Municipal Transit Agency (SFMTA) over the weekend, threatening to not only keep SFMTA computers under their control, but also release sensitive data unless a ransom is paid.

In a November 27 Hoodline report, the attacker, going by the pseudonym Andy Saolis, said it had 2,112 machines under its control, and would not release the machines from its ransomware attack unless 100 bitcoins – around $73,000 – was sent to the attacker.

The compromised machines took care of a variety of functions such as payroll, email servers, Quickbooks, NextBus operations, MySQL database servers, staff training, and personal computers of some of its employees.

.@sfmta_muni giving free rides today because hackers shut down the computer system. Employee computers showing this pic.twitter.com/fvVnUayWVG

— KPIX 5 (@CBSSF) November 27, 2016

On Monday, November 28, the hackers made an additional claim, saying they had stolen 30 gigabytes of sensitive data from the SFMTA.

They promised to release it unless their ransom was paid. While the original deadline passed on Monday, Saolis sent a statement to some media outlets, with the new claim they had taken information from the computers before locking the SFMTA out of their computer systems.

The hackers did not provide proof they had stolen data to media outlets they had contacted about their new claim.

Department spokesperson Paul Rose told The Examiner Monday, “Personal information of Muni customers were not compromised as part of this incident.”

Rose added in a separate statement that the SFMTA is “working with the FBI to investigate and to help identify a suspect. We are also working with the Department of Homeland Security.”

SFMTA officials have repeatedly said they will not pay the ransom for the data. – Rappler.com