Merseyrail Likely Hit by Lockbit Ransomware
UK Rail Network Merseyrail Confirmed That It Was Victim of a Cyberattack After a Ransomware Gang Used Their Email System.
Merseyrail is one of UK’s rail network providers. The rail network became recently the victim of a ransomware attack lead by Lockbit. The threat actor used the Merserayl email system in order to email employees and journalists about the attack.
We can confirm that Merseyrail was recently subject to a cyber-attack. A full investigation has been launched and is continuing. In the meantime, we have notified the relevant authorities.
The cyberattack was not been publicly disclosed, but a series of publications learned about the attack after receiving a strange email on April 18th with the mail subject, “Lockbit Ransomware Attack and Data Theft”.
It seemed that the attackers have taken over the Director’s @merseyrail.org Office 365 email account, thus impersonating him. In the email sent by the impersonator to employees, it was mentioned that a previous weekend’s outage was downplayed and that they suffered a ransomware attack where the hackers stole employee and customer data, whilst also including in the email a link to an image showing an employee’s personal information that Lockbit allegedly stole during the attack.
Merseyrail declared that an investigation is ongoing at this time and decided not to offer a lot of information.
It would be inappropriate for us to comment further while the investigation is underway.
The UK Information Commissioner’s Office (ICO) confirmed that Merseyrail made them aware of the “incident.”
Merseyrail has made us aware of an incident and we are assessing the information provided.
Unfortunately, in the past year, we were able to observe an increase in extortion tactics used against companies.
Heimdal™ Ransomware Encryption Protection
- Blocks any unauthorized encryption attempts;
- Detects ransomware regardless of signature;
- Universal compatibility with any cybersecurity solution;
- Full audit trail with stunning graphics;
If previously the ransomware attacks mostly consisted of threat actors stealing victims’ data and encrypting their files in order to force a ransom payment, now we see new and more efficient tactics developing.