Another notable service has fallen prey to a cyber attack. This time, the victim is the UK rail network Merseyrail, which faced a ransomware attack. The Lockbit ransomware gang disclosed the attack.
Merseyrail Suffered Ransomware Attack
Merseyrail, the prominent suburban train service in Liverpool, UK, has reportedly suffered a cyber attack.
According to Bleeping Computer, the service did not initially disclose the attack itself. Instead, the news became public after the attackers, possibly the Lockbit ransomware gang, disclosed the attack themselves.
To do so, the attackers hacked Merseyrail staff’s email accounts and sent emails to UK news portals while impersonating the staff. For instance, Bleeping Computer received an email supposedly from Andy Heath, the Director of Merseyrail.
Under the subject line “Lockbit Ransomware Attack and Data Theft”, the email presented itself as a disclosure of the attack from the service. It also stated that the attackers had stolen data.
These emails began circulating on April 18, 2021. While it is unclear exactly when the attack happened, Merseyrail has finally confirmed the incident. According to its statement to Bleeping Computer:
“We can confirm that Merseyrail was recently subject to a cyber-attack.”
Investigations Underway
Explaining further, Merseyrail confirmed that it has started investigating the matter.
“A full investigation has been launched and is continuing. In the meantime, we have notified the relevant authorities.”
For now, however, the company has refused to share any other details: when and how the attack happened, whether Lockbit really is behind it, whether the attackers have stolen any data, and what the service has decided about paying the ransom.
“It would be inappropriate for us to comment further while the investigation is underway.”
However, the UK ICO has confirmed that Merseyrail has reported the matter to them.
Previously, Lockbit also targeted the Swiss firm Kopter in 2020. Since the victim didn’t pay the ransom, the attackers even started leaking the stolen data online.
Given this precedent, the attackers may well have stolen data from Merseyrail’s network too.