According to reports, the UK-based railcar system Merseyrail has suffered a cyberattack. Questions began to surface after BleepingComputer, different UK media outlets, and employees of the rail service received a strange email from the Director of Merseyrail Andy Heath on April 18th. The email contents stated that the outage the company had the week prior was instead a ransomware attack committed by the Lockbit Ransomware operators and that they obtained data from Merseyrail. The email also includes a link to a picture that apparently shows employee information that was gathered during the attack. At this time, a legitimate statement had not yet been made by Merseyrail until the company simply stated, “It would be inappropriate for us to comment further while the investigation is underway.” All relevant authorities have been notified.
Since it’s unknown how the threat actors gained access to the Merseyrail’s network, it is difficult to give a proper recommendation. To stay protected from attacks of this type, Binary Defense suggests pairing a strong anti-virus detection software along with some type of endpoint monitoring. Our Security Operations Center (SOC) analysts monitor endpoints day in and day out in an effort to spot signs of intrusions and work with clients to reduce or completely eliminate any threat that is noticed.