Hackers successfully encrypted over 2,000 servers and PCs that are used to run San Francisco’s Light Rail Transit system. The hackers demanded 100 bitcoin (~ $73,000 USD) for the key to decrypt the data. The attack mainly impacted e-mail and payroll systems, but agency shutdown their ticket vending machine as a precaution and allowed traveler to ride for free on the light rail system for most of the day Friday and all day Saturday. This was one of the biggest travel days of the season.
The attack was conducted using malware called HDDCryptor. It does not appear the the attackers were targeting the agency. They cast a wide net and found success in the vulnerable environment.
Although it may have taken the agency more time to get the systems back up and running and they probably lost more than $73,000 in ticket sales, I think it was the right move to resolve the issue without paying the ransom. They probably learned a lot about weaknesses in their environment and sent a strong message that they will not submit to the demands of these criminals.
link – http://www.forbes.com/sites/thomasbrewster/2016/11/28/san-francisco-muni-hacked-ransomware/#158b80fe54dd