Merseyrail confirm ransomware cyber attack as Managing Director’s email hacked

2nd May 2021

Cyber attackers broke into the email of Merseyrail Managing Director Andy Heath last month as part of a ransomware attack on the company.

Several newspapers, security blogs and Merseyrail staff received an email from Heath’s email address on 18 April with the subject: “”Lockbit Ransomware Attack and Data Theft.”

In this email, the sender pretended to be Andy Heath informing staff that they suffered a ransomware attack where the hackers stole employee and customer data.

The email included a link to an image showing an employee’s personal information.

LockBit is a known ransomware attack, where hackers block access to a device until payment is made. There is no guarantee access to the device will be granted after payment is made.

Several online security websites allege that Merseyrail did receive a demand for payment, and that Merseyrail are refusing to pay, however OTS was not able to independently confirm these details.

It is unknown whether any rail control systems were breached.

Merseyrail said: “We can confirm that Merseyrail was recently subject to a cyber-attack. A full investigation has been launched and is continuing. In the meantime, we have notified the relevant authorities.”

“It would be inappropriate for us to comment further while the investigation is underway.”

The UK Information Commissioner’s Office (ICO) confirmed that Merseyrail made them aware of the attack.

“Merseyrail has made us aware of an incident and we are assessing the information provided,” the ICO said.