Ransomware Attack on Northern Rail UK


A suspected ransomware attack on the servers of Northern Rail’s ticketing system has disrupted the company's digital services for the past 12 hours, and reports indicate that the operator might recover only after 2 days.

Reports say the file-encrypting malware targeted over 600 touch-screen units that were installed at a cost of £17 million across 420 rail stations in the North of England.

The train operator, which is now owned by the government of England, has launched a probe and has assured that it will reveal more details after receiving an update on the incident from law enforcement.

Northern Train has stated that its customer or payment data was not compromised in the incident and that the servers of its supplier, ‘Flowbird’, caused the glitch.

Until the ticketing systems are back up, the train operator is planning to issue tickets to its customers manually, and details can be obtained from the train conductors at the station.

Arriva Rail North owned Northern until Feb 2020, and from March of the same year the train service operations were taken over by the government.

Note 1: Although the rail services provider did not name the ransomware variant that hit its servers, the gang spreading the REvil (aka Sodinokibi) ransomware is suspected to be behind the incident.

Note 2: After the DarkSide ransomware gang shut down its operations following the seizure of its main servers by the FBI, the REvil ransomware gang seems to have spread its wings across the West and has been demanding $4 million to $10 million in Bitcoin from its victims.

Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security