Last Friday, the day before it was scheduled to play a football match against West Bromwich Albion, Manchester United revealed that it had fallen victim to a cyber attack.
What Manchester United chose not to do is give any details of the “cyber attack” it had suffered.
Despite the lack of information offered in the press release, I wouldn’t be surprised if Manchester United had been hit by ransomware.
Certainly, Manchester United’s statement that after spotting the attack they “shut down affected systems to contain the damage and protect data” sounds very much like the football club’s systems had been hit by ransomware and that it had taken measures in an attempt to prevent further data from being encrypted.
Of course, no one wants to admit that they’ve been outmanoeuvred by an opponent that they should have given a good drubbing to, and so Manchester United plays the familiar card of describing the attack as “sophisticated”:
“Although this is a sophisticated operation by organized cyber criminals, the club has extensive protocols and procedures in place for such an event and had rehearsed for this risk. Our cyber defenses identified the attack and shut down affected systems to contain the damage and protect data.”
“Club media channels, including our website and mobile app, are unaffected and we are not currently aware of any breach of personal data associated with our fans or customers. All critical systems required for matches to take place at Old Trafford remain secure and operational and tomorrow’s game against West Bromwich Albion will go ahead.”
It’s obviously good news if fans’ personal information hasn’t been breached (lets all cross our fingers that that is indeed the case), but if the attack was truly “sophisticated” wouldn’t it be helpful to share just a little information about what type of attack they have suffered?
I realise they may not know yet the ins-and-outs of precisely what occurred (although they do, apparently, know enough to describe the attack as “sophisticated”), but wouldn’t it be helpful not just to the other seventy-odd teams in the English Football League, but to thousands of companies around the world to have some detail of what has happened?
Currently it’s the equivalent of a football match being played in an impenetrable pea souper. We know that something has happened, we may even have heard the blowing of a whistle as goals are scored, but we have no way of knowing who has won or what might have happened due to a thick fog hiding everything from view.
The Information Commissioner’s Office (ICO) has been informed about the incident, and Manchester United says it is working with expert advisers to investigate what occurred, and “minimise the ongoing IT disruption”.
Minimize ongoing IT disruption? That really sounds like ransomware, doesn’t it?
Found this article interesting? Follow Graham Cluley on Twitter or Mastodon to read more of the exclusive content we post.
3 comments on “Manchester United versus a “sophisticated” cyber attack”
Score A+ for knowing that there are 70+ clubs in the English Football League (it's actually 72). But, reduce that to a D- for thinking that Manchester United are one of them.
Mike – You beat me to it !! Although one can only hope…. :-)
Ahh. Yes. Well…
The reason I make these kind of deliberate mistakes is to see if anyone is out there actually reading…