Merseyrail, a UK rail network, has confirmed that a ransomware gang used its email system to email employees and journalists about the attack.
Merseyrail provides train service through sixty-eight stations in the Liverpool City Region in England.
A Merseyrail spokesperson said: “We can confirm that Merseyrail was recently subject to a cyber-attack. A full investigation has been launched and is continuing. In the meantime, we have notified the relevant authorities.”
The investigation is still in progress, and it has not yet been confirmed that their system was compromised by ransomware.
Over the past year, ransomware gangs have become increasingly aggressive in their extortion tactics.
In the past, ransomware attacks consisted of threat actors stealing victims’ data and then encrypting their files to force a ransom payment.
Over time, threat actors’ tactics have escalated to performing DDoS attacks on victims’ networks and websites, emailing customers and journalists, and threatening to contact stock exchanges.
Sadly, while these attacks are ongoing, the employees and customers are usually the last to know what is happening with their data and organization.
Using a victim’s email system to promote their attacks to employees, journalists, and customers could turn that on its head.
In response, Paul Norris, senior systems engineer at Tripwire, said: “We should hope that Merseyrail is prepared to respond to ransomware, including the potential operational disruptions that come with that response. But while we tend to focus on the response to ransomware, prevention is still the best way to deal with the threat.
“Ransomware doesn’t magically appear on systems, and the methods by which it’s introduced into an environment are generally well understood: phishing, vulnerability exploits, and misconfigurations, which is why hardening systems helps to safeguard the integrity of your digital assets and protect against vulnerabilities.”