San Francisco’s transport agency has been hit by a hack attack which led to customers being able to travel for nothing.
The hackers have made a ransom demand of 100 Bitcoin, which amounts to about $70,000 (£56,000 ; €66,000).
As a precaution, staff shut off all ticketing machines on the network.
Computers across the city’s transport network, including at stations, were disabled with screens displaying a message from the attackers.
The message read: “You Hacked, ALL Data Encrypted. Contact For Key(email@example.com)ID:681 ,Enter”.
Yandex is a Russian internet company that, among other things, provides email and social networking tools.
The trains themselves were not affected – and city officials said a full investigation was underway.
“There has been no impact to the transit service, to our safety systems or to our customer’s personal information,” a spokesman told the BBC.
“The incident remains under investigation, so it wouldn’t be appropriate to provide any additional details at this point.”
The Municipal Transportation Agency – known as Muni – looks after trains, trams and buses around the city, including San Francisco’s iconic cable cars.
On Sunday, ticketing machines were back up – but it was not clear if the hack had been contained.
San Francisco news site Hoodline told the BBC the hacker had provided a list of machines he or she claimed to have infected in Muni’s network – more than 2,000 in total.
It appeared to include many employee terminals as well as machines that may be used to look after payroll and employees’ personal information.
The hacker told Hoodline on Sunday that Muni had “one more day” to make a deal.