Brit railway company Merseyrail is understood to have suffered a ransomware attack – and the crooks responsible reportedly pwned a director’s Office 365 account to email employees and journalists about it.
News of the breach was reported by BleepingComputer, which received one of those emails.
A spokesperson for the rail operator told us in a statement: “Merseyrail was recently subject to a cyber-attack. A full investigation has been launched and relevant authorities notified. This does not affect the operation of our services, which will continue to run as advertised.”
Merseyrail’s network covers 68 stations around Liverpool, Birkenhead and Southport, stretching as far south as Chester.
It was claimed that the group responsible was the Lockbit gang, a relatively new organisation. Darktrace reckoned it was first seen in 2019 and leveraged tools such as PowerShell to compromise its victims. Darktrace reckoned that Lockbit’s average ransom demand was $40,000.
Read more on The Register Here