Security News > 2021 > April > Ransomware crooks who broke into Merseyrail used director's email address to brag about it – report
Brit railway company Merseyrail is understood to have suffered a ransomware attack - and the crooks responsible reportedly pwned a director's Office 365 account to email employees and journalists about it.
Merseyrail's network covers 68 stations around Liverpool, Birkenhead and Southport, stretching as far south as Chester.
It was claimed that the group responsible was the Lockbit gang, a relatively new organisation.
Darktrace reckoned that Lockbit's average ransom demand was $40,000.
Describing a previous infection of one of its clients, Darktrace said: "The attack commenced when a cyber-criminal gained access to a single privileged credential - either through a brute-force attack on an externally facing device, as seen in previous LockBit ransomware attacks, or simply with a phishing email."
The Information Commissioner's Office said it was aware of the ransomware attack at Merseyrail, which was last voted, for the second year running, as the UK's most reliable train operator.
News URL
https://go.theregister.com/feed/www.theregister.com/2021/04/28/merseyrail_ransomware_claim/