Railway system infected with ransomware; the amount of the ransom is still unknown

A representative of the British rail network Merseyrail confirmed that its computer systems were compromised by an unidentified ransomware group, which even used the company's own email server to send multiple messages to employees and journalists about the attack. Merseyrail is a rail network in the United Kingdom that serves the entire Liverpool region.

The email was sent from the Office 365 account of Andy Heath, director of the rail network. The message mentions: “I can confirm that Merseyrail was the subject of a dangerous cyberattack. The information has already been initiated and the authorities have already been notified.” This message was only sent to some members of the cybersecurity community.

The message mentioned at the beginning was sent to various media outlets and Merseyrail staff, which cybersecurity experts attribute to the attackers having taken control of an Office 365 account on the merseyrail.org domain. In this email the attackers apparently posed as the director, informing railway line employees about the ransomware infection.

The message includes a link to an image containing personal information about an employee, which the hackers allegedly stole during the intrusion. After multiple attempts to contact Merseyrail to confirm the attack, the transport company issued a statement on Tuesday night: “It would be inappropriate to make additional comments while the investigation is ongoing,” the director said in a message sent to the BleepingComputer news platform.

Investigators also consulted the Information Commissioner’s Office (ICO), which confirmed that the investigation is ongoing and that more details will be revealed as appropriate for the parties involved. Because the investigation is still under way, the cybersecurity community will have to wait for details such as the ransomware variant used in the attack and the amount of ransom demanded by the hackers.

Ransomware operator groups continue to gain ground in the world of cybercrime, adopting new tactics as they attack ever larger targets. One of the most recent practices is the theft of confidential information before encryption, so that it can be used to extort victims. Other attack variants include the use of denial of service (DoS) attacks and other malicious scenarios.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.