Merseyrail is one of the UK’s rail network providers. The rail network recently became the victim of a ransomware attack led by Lockbit. The threat actor used the Merseyrail email system to email employees and journalists about the attack.

We can confirm that Merseyrail was recently subject to a cyber-attack. A full investigation has been launched and is continuing. In the meantime, we have notified the relevant authorities.


The cyberattack had not been publicly disclosed, but several publications learned about it after receiving a strange email on April 18th with the subject line “Lockbit Ransomware Attack and Data Theft”.

It seems that the attackers took over the Director’s Office 365 email account and impersonated him. The email the impersonator sent to employees stated that a previous weekend’s outage had been downplayed and that the company had suffered a ransomware attack in which the hackers stole employee and customer data. The email also included a link to an image showing an employee’s personal information that Lockbit allegedly stole during the attack.

Merseyrail stated that an investigation is ongoing at this time and chose not to share much information.

It would be inappropriate for us to comment further while the investigation is underway.


The UK Information Commissioner’s Office (ICO) confirmed that Merseyrail made them aware of the “incident.”

Merseyrail has made us aware of an incident and we are assessing the information provided.


Unfortunately, over the past year we have observed an increase in extortion tactics used against companies.


Where ransomware attacks previously consisted mostly of threat actors stealing victims’ data and encrypting their files to force a ransom payment, we now see new and more efficient tactics developing.
