Public transportation users in San Francisco rode for free over the weekend, because online attackers managed to take most of the systems and ticket machines offline.

"You Hacked," read the message appearing on screens across the city’s transport network, "ALL Data Encrypted."  The message gave an email address from a Russian server, and demanded the payment of 100 Bitcoins, worth around AU$97,000.  Silicon Valley venture capitalist Mahendra Ramsinghani, who invests in early-stage security companies, said the San Francisco Municipal Transportation Agency (Muni) hack "has all the indications or symptoms of being a ransomware attack."

Unable to charge passengers, station workers just waved the people through, as ticket machines displayed the message "Out of Service" in flashing red LEDs.  The aging trams and light rail trains aren't dependent on the network, so they ran just fine and on schedule (by US standards).  San Francisco's famed Cable Cars still operate on the same late 19th Century cable and pulley technology, so no threat there.

"We are focused now on working to investigate the matter fully to find out all other details," said Muni spokesperson Paul Rose.  "But at this point there is no impact to transit service, to our security systems or to our customers' private information" which is on a separate system, he added.

But Mr. Ramsinghani wants to know more.  He describes 2016 as "the year of ransomware".  Typically, attackers worm their way into vulnerable systems such as schools, churches, and hospitals, encrypting information and making it irretrievable until the mark pays up.  An attack on a transit agency is rare.  Targets have paid more than US$1 Billion so far this year to free their vital information.

"It is the duty of an agency such as Muni to inform people of what they have discovered," Ramsinghani said.  "The fact that they have not stated anything tells me that there could be something deeper," he speculated.