Logo Header Menu

Merseyrail likely hit by Lockbit ransomware attack

UK rail network Merseyrail has confirmed that it was hit by a ransomware attack, which is likely to have been initiated by the Lockbit ransomware gang Merseyrail likely hit by Lockbit ransomware attack image

The ransomware was confirmed by Merseyrail, which provides train service through sixty-eight stations in the Liverpool City Region, after its email system was found to have been used to email employees and journalists about the attack.

Using the subject line ‘Lockbit Ransomware Attack and Data Theft’, the emails were found to be from the account of Andy Heath, director of Merseyrail.

The message sent told employees that a previous weekend’s outage was downplayed, and that they suffered a ransomware attack where the hackers stole employee and customer data.

Included in an email was a link to an image showing an employee’s personal information that Lockbit allegedly stole during the attack.

In a statement to BleepingComputer, Merseyrail said: “We can confirm that Merseyrail was recently subject to a cyber attack.

“A full investigation has been launched and is continuing. In the meantime, we have notified the relevant authorities.”

The Information Commissioner’s Office (ICO) has also confirmed that Merseyrail made them aware of the “incident.”

Comparing different AI approaches to email security

Dan Fein, director of email security products at Darktrace, dissects the various AI approaches to email security utilised by businesses. Read here

In response, Paul Norris, senior systems engineer at Tripwire, said: “We should hope that Merseyrail is prepared to respond to ransomware, including the potential operational disruptions that come with that response. But while we tend to focus on the response to ransomware, prevention is still the best way to deal with the threat.

“Ransomware doesn’t magically appear on systems, and the methods by which it’s introduced into an environment are generally well understood: phishing, vulnerability exploits, and misconfigurations, which is why hardening systems helps to safeguard the integrity of your digital assets and protect against vulnerabilities.”

Brian Higgins, security specialist at Comparitech, commented: “This kind of extortion strategy is becoming ever more common in cases of ransomware. Not content with encrypting data and demanding money, criminals have caught on to the fact that if their successful breaches are made public before their victims can implement any incident response plans they have an extra layer of leverage to encourage payment more quickly.

“Whether it’s contacting potentially affected customers and/or staff, or notifying the media (both of which tactics appear to have been used in this case), the added pressure to resolve the issue can often force victim organisations to bypass security policies and pay up.

“It would appear that, in this particular instance, Merseyrail are holding their nerve and following industry standard protocols instead. It takes corporate courage to back up your data, inform the relevant authorities and keep hold of your cash.

“I hope Merseyrail come out of this successfuly and provide a case-study of good practice for future cyber crime victims.”

This article is tagged with: Cyber Attack, Malware, Ransomware

Latest news

divider
Data Storage & Data Lakes
Five tips for a smooth migration to PostgreSQL

Five tips for a smooth migration to PostgreSQL

7 May 2021 / Leading organisations are always looking to find different solutions for high-performance data replication and secure [...]

divider
Disruptive Innovation
Why payment providers are set to fly even higher with cloud automation

Why payment providers are set to fly even higher with cloud automation

7 May 2021 / Seismic shifts in shopping habits in 2020, as consumers looked to e-commerce for their everyday [...]

divider
Business Continuity
Can businesses exist if they are not in the cloud?

Can businesses exist if they are not in the cloud?

7 May 2021 / For global executives, the Covid-19 pandemic has accelerated the cloud migration process. In a press [...]

divider
Cybersecurity
What CIOs and CISOs learned from managing recent cyber attacks

What CIOs and CISOs learned from managing recent cyber attacks

6 May 2021 / Enterprises around the world are deluged by a flood of unprecedented cyber security threats – [...]

divider
Government & Public Sector
Mid-market companies will be the backbone of ‘Global Britain’

Mid-market companies will be the backbone of ‘Global Britain’

6 May 2021 / Much has happened since the UK launched its Industrial Strategy in 2017, but in the [...]

divider
Tech and society
The ethical implications of chatbots

The ethical implications of chatbots

6 May 2021 / Technology is a great enabler. The countless advancements ranging from self-driving cars to virtual reality [...]

divider
Automation
What’s the hype in hyperautomation?

What’s the hype in hyperautomation?

6 May 2021 / In its 2019 report ‘Move Beyond RPA to Deliver Hyperautomation’, Gartner pointed out a lack [...]

divider
Data Analytics & Data Science
Why your big data dreams can’t come true without AI

Why your big data dreams can’t come true without AI

6 May 2021 / During the Covid-19 pandemic, the volume of data generated by online activity has increased by [...]

divider
People Moves
Kantar appoints Alex Cesar to new chief technology officer role

Kantar appoints Alex Cesar to new chief technology officer role

5 May 2021 / Reporting to deputy CEO Ian Griffiths, new Kantar CTO Cesar will be responsible for defining [...]

Information Age

Pin It on Pinterest