Home News UK rail network Merseyrail likely hit by Lockbit ransomware

    UK rail network Merseyrail likely hit by Lockbit ransomware



    UK rail community Merseyrail has confirmed a cyberattack after a ransomware gang used their e-mail system to e-mail workers and journalists concerning the assault.

    Merseyrail is a UK rail community that gives practice service by sixty-eight stations within the Liverpool Metropolis Area in England.

    “We are able to affirm that Merseyrail was lately topic to a cyber-attack. A full investigation has been launched and is continuous. Within the meantime, we have now notified the related authorities,” Merseyrail informed BleepingComputer yesterday after we obtained a mysterious e-mail earlier this month from the account of Andy Heath, the Director of Merseyrail.

    Ransomware gang makes use of Merseyrail’s e-mail system towards them

    Whereas the cyberattack has not been publicly disclosed, BleepingComputer realized of the assault after receiving an odd e-mail on April 18th from Heith e-mail account with the mail topic, “Lockbit Ransomware Assault and Information Theft.”

    This e-mail was despatched to BleepingComputer, numerous UK newspapers, and the workers of Merseyrail in what seems to be a takeover of the Director’s @merseyrail.org Workplace 365 e-mail account by the Lockbit Ransomware gang.

    On this e-mail, the risk actors pretended to be Merseyrail’s Director telling workers {that a} earlier weekend’s outage was downplayed and that they suffered a ransomware assault the place the hackers stole worker and buyer knowledge.

    Included within the e-mail is a hyperlink to a picture exhibiting an worker’s private info that Lockbit allegedly stole in the course of the assault.

    After quite a few makes an attempt to contact Merseryrail and ensure the assault, we lastly obtained the rail community’s assertion final night time.

    “It will be inappropriate for us to remark additional whereas the investigation is underway,” Merseyrail informed BleepingComputer after we questioned how the Director’s e-mail was compromised.

    In response to our queries, the UK Info Commissioner’s Workplace (ICO) additionally confirmed that Merseyrail made them conscious of the “incident.”

    “Merseyrail has made us conscious of an incident and we’re assessing the data offered,” the ICO informed BleepingComputer by way of e-mail.

    Ransomware gangs aggressively extort victims

    Over the previous yr, ransomware gangs have turn out to be more and more aggressive of their extortion ways.

    Previously, ransomware assaults consisted of risk actors stealing victims’ knowledge after which encrypting their recordsdata to power a ransom cost.

    Over time, the risk actor’s ways have escalated to performing DDoS attacks on victims’ networks and web sites, emailing customers and journalists, and threatening to contact stock exchanges.

    Sadly, whereas these assaults are ongoing, the staff and prospects are normally the final to know what is occurring with their knowledge and group.

    Utilizing a sufferer’s e-mail system to advertise their assaults to each workers, journalists, and prospects might flip that on its head.

    Source link