SAN FRANCISCO (KGO) -- Hundreds of computer terminals at San Francisco Muni are still not working after a massive cyber attack.
RELATED: Muni computer hack caused payment machines to shut down
Hackers demanded thousands of dollars to unlock those computers. The transit agency has refused, and now federal investigators are involved.
The SFMTA says it has contained this weekend's attack, and the most important systems like automated train controls were not affected.
"It did not impact transit service or safety to the system," said SFMTA spokesperson Paul Rose. "And we're encouraged that it doesn't appear that customers' information was breached."
The Department of Homeland Security and the FBI are now investigating.
Winston Crone is with a private cyber security firm called KIVU Security Consulting in San Francisco. He is familiar with the hackers who have claimed responsibility for this attack.
He says the SFMTA may be recovering from this for some time. "I would be surprised if they were fully operational within a week and that was if they knew what they were doing," Crone said. "I think there is some significant problems behind the scenes."
Crone believes the hackers are likely Eastern European and probably hoped to make some money off the attack. We contacted the group through the email they published on Muni booth monitors.
In a response they said they did not target Muni's transit systems, but warned those computers could be vulnerable to other attackers.
One of Muni's employees may have accidentally invited this ransomware attack.
"It appears that someone may have clicked a link on a web page or on an email that really invited the virus into the system," said Rose.
Muni riders voiced their concerns. "Scary, because what if you're on the train and they decide to shut the trains down in the middle of the tube," said Pacifica resident Carol Hansen.
"As long as they don't take any money from my debit card or my Clipper Card it's alright," said another rider.
According to SFMTA, the firewalls protecting their most critical systems worked.
SFMTA says Muni hack could have been 'invited' by accidental click