Here’s a weird one.
Bleeping Computer reports that Merseyrail, the railway network serving Liverpool and the surrounding area, has been hit by ransomware.
So far, so not extraordinary.
But what makes this story somewhat different is that Lawrence Abrams at Bleeping Computer says that the first he knew of Merseyrail being attacked was when he (alongside various British newspapers and staff of the transport service) received an email on April 18 seemingly sent from the account of Merseyrail managing director Andy Heath.
The email, with the subject line “Lockbit Ransomware Attack and Data Theft,” claimed that an outage the previous weekend had in fact been the result of a ransomware attack where cybercriminals stole employee and customer data.
The supposition is that the MD of Merseyrail’s Office 365 email account had been compromised the hackers in an attempt to spread word of the security breach, and apply pressure on the organisation to pay up.
If true, it’s certainly quite an audacious move to hack the email account of the boss of a corporate victim, and use that as a platform for informing the world of a security breach.
Merseyrail has now confirmed to Bleeping Computer that it has been the recent target of a cyber attack, and that it has informed the Information Commissioner’s Office (ICO). Merseyrail says that it is continuing to investigate the incident, and will not comment on the how its managing director managed to have his corporate email account compromised.
The breach comes at a bad time for Merseyrail, which is struggling financially as a result of the Covid-19 pandemic.
At the time of writing there is no mention of a cyber attack on Merseyrail’s website.
Found this article interesting? Follow Graham Cluley on Twitter or Mastodon to read more of the exclusive content we post.