Merseyrail, an England-based suburban rail network, has confirmed that it has become a victim of a sophisticated cyber attack and an investigation is in progress on this note. Highly placed sources say that the attack could have been launched by Lockbit ransomware gang that might have entered the computer network through a compromised email.
What’s interesting in this file encrypting malware attack is the fact that few of the employees from Merseyrail and some journalists from reputed publications received an email from the company with a subject line ‘Lockbit Ransomware Attack and Data Theft’ and essayed that some sensitive data was stolen in the incident.
FYI, the email account from which the alert was sent belongs to Andy Heath, Director of Merseyrail…..strange!
Information Commissioner’s Office was informed about the incident, and NCSC was also alerted about the issue.
Note 1- Merseyrail covers its services through 68 stations over 75 miles of route. It ferries around 110,000 passengers each day and over 34 million passengers per year making it a top rail service used by an urban populace in UK. Serco and Abellio in a joint venture are operating Merseyrail and were handed over the contract of 25 years in 2003 that expires in 2028. The company has a fleet of all-electric trains that are supposed to be replaced by new models by September 2021.
Note 2- Lockbit is a malicious software that allows hackers to steal data and then lock the database from access until a ransom is paid. The said malware spread started in Sept’19 and targeted organizations operating in United States, China, India, Indonesia, Ukraine, Germany and Europe.
