Ransomware crooks who broke into Merseyrail used director's email address to brag about it – report

Brit railway company Merseyrail is understood to have suffered a ransomware attack – and the crooks responsible reportedly pwned a director's Office 365 account to email employees and journalists about it. News of the breach was reported by BleepingComputer, which received one of those emails. A spokesperson for the rail …

  1. FlamingDeath Silver badge

    Ha Ha

    This is hilarious

    Have they considered paying the CEO more money to solve the problem?

    1. FlamingDeath Silver badge

      Re: Ha Ha

      “I like money”

      - Frito

      1. FlamingDeath Silver badge

        Re: Ha Ha

        Was it the IT director? Tell me it wasn’t hahaha

        1. Anonymous Coward

          Re: Ha Ha

          Good grief man, stop laughing at your own comments.

          1. FlamingDeath Silver badge

            Re: Ha Ha

            I’m not laughing at my own comments, that would be crazy

            I’m laughing at the ridiculous situation that is causing so many companies AND universities to become victims of ransomware, however I am not laughing at them paying, usually through insurance, or involving taxpayer funded security services to unfuck their organisation because THEY couldn't be fucked to properly protect it.

            What's the Head honcho gonna do? Give themselves a pay rise and hope it all goes away? This is a leadership problem, too many overpaid sycophantic morons running companies and universities it seems, you know what I’m talking about and it isn’t a meritocracy

  2. Yet Another Anonymous coward Silver badge

    This does not affect the operation of our services,

    To be fair, the explosion of a thermonuclear device wouldn't affect the operation of the services of many rail franchises

    1. This post has been deleted by its author

    2. WolfFan

      Re: This does not affect the operation of our services,

      The trains might actually move.

    3. Red Ted

      The nuclear option

      That is of course why they keep the Strategic Reserve!

  3. Paul Herber Silver badge

    Maybe they infiltrated MerseyRail with a sleeper.

  4. Bendacious Bronze badge

    Just me or does the phrase "leveraged tools such as PowerShell to compromise its victims" sound a bit odd? Bit like saying "they used operating system commands to make the computer do things". I did try to make this not sound snarky but I failed.

    1. Anonymous Coward

      Darktrace says you are being snarky*

      *totally not sponsored by Darktrace.

  5. Anonymous Coward

    Did they just lock the system or did they, as is traditional, steal files? If files, what were they and did they contain customer data?

    Across the pond Amtrak operates like a business and you can create an account with contact information and credit cards.

    1. A random security guy

      Re: Transparency

      I was wondering about it too. Also, people's trips that were not disclosed to a significant other, people playing hooky from work, etc.

      This will also be a good test of Britain's post-Brexit GDPR compliance. We will find out if they really want to still treat Privacy as a human right or an MI5 right.

  6. sanmigueelbeer

    The attack commenced when a cyber-criminal gained access to a single privileged credential

    Let me guess, the director's?

    1. FlamingDeath Silver badge

      They had an ‘about us’ page on their website, listing all of their organisation's egotistical leadership, probably, cos idiots are as common as muck

      1. Yet Another Anonymous coward Silver badge

        About us management page:

        CEO John Smith, Born mm/dd/yy, son of Lord Smith and Lady Smith (nee Wibble). He attended Bash St infants and his first pet was called Spot.

        No can't see any security problems there

  7. Potemkine! Silver badge

    Merseyrail joined the bandwagon of ransomware victims.

  8. This is not a drill

    Does this prove....

    ......that Darktrace is a useless piece of crap.

    Describing a previous infection of one of its clients, Darktrace said: "The attack commenced when a cyber-criminal gained access to a single privileged credential – either through a brute-force attack on an externally facing device, as seen in previous LockBit ransomware attacks, or simply with a phishing email."

    1. katrinab Silver badge

      Re: Does this prove....

      All the evidence I have suggests that Darktrace is mostly a LinkedIn spamming operation.
