Ransomware Attack on UK Rail System - Spray and Pray or Targeted?

Northern Rail, one of the UK's local railway systems covering the north of England, had its new self-service ticketing machines taken off-line following a ransomware attack last week.
Railways in the UK are operated under a licensed franchise system following the breakup of the state-owned British Rail, which was privatized gradually from 1994 to 1997.
The rail infrastructure is owned and managed by Network Rail, described as an 'arm's length' public body of the Department of Transport - but the rail services are operated by private companies under license to the government.
Northern Rail was at the time operated by Arriva Rail North, but the service was taken over by the government after a series of problems including delays and cancellations to services.
Northern Rail has provided no information on the problem.
Y Norton, European cyber risk officer at Armis, commented, "Given how recent the installation was, it would appear some basic security mechanisms are missing from the recent deployment. The ticketing system is likely Android based, and there is a small number of ransomware families that specifically target Android devices. Rail networks are considered critical infrastructure under the NIS legislation and so, a risk assessment of the new Ticketing system should have been undertaken and this risk assessment should have included the risk of cyberattack with mitigating controls."