Rail operator Northern shuts all ticket machines following a ransomware attack

Rail operator Northern shuts all ticket machines following a ransomware attack

Rail operator Northern shuts all ticket machines following a ransomware attack

UK rail operator Northern suffered a cyber attack targeting its newly installed self-serve ticketing machines across Northern England, forcing the operator to take all the ticketing machines offline.

The publicly-owned train operator commenced its northern franchise operations in March 2020, soon after the franchise deal of former operator, Arriva Rail North was terminated. In May this year, Northern announced it installed over 600 new ticket vending machines in more than 400 stations as part of its wide-ranging modernisation plan that involved an investment of almost £17 million.

Earlier today, Northern said in a press release that it had to take all of its self-service ticket machines offline due to technical difficulties. “We are investigating the issue and are working hard to have the machines up and running again as soon as possible,” the operator said.

“We are sorry for any inconvenience this causes. In the meantime we are advising customers to either use our mobile app or website to purchase tickets in advance and, where necessary, to collect those tickets from one of our ticket offices.

“Customers who have already bought tickets to be collected at a machine, or who would normally use ‘promise to pay’ slips, should board their booked service and either speak to the conductor or to Northern staff at their destination station,” it added.

Flowbird, who installed and now monitors Northern’s self-service ticket machines, told ZDNet that the disruption was caused by a cyber attack. “The issue was first identified through cyber-monitoring systems and our initial investigations indicated that the service may have been subject to a cyberattack,” the firm said.

According to Reuters, Northern has admitted that the disruption was, in fact, caused by a ransomware attack. “This is the subject of an ongoing investigation with our supplier, but indications are that the ticket machine service has been subject to a ransomware cyber-attack,” Northern said.

Commenting on the cyber attack targeting Northern, Willem Hendrickx, International Senior Vice President at Vectra AI, told TEISS that the current wave of infrastructure attacks seem to be just as focused on creating chaos as they are on collecting payoffs. While it’s great to see a quick response from Northern Rail to identify the attack relatively early on, it has still impacted systems.

“On an almost weekly basis, we’re now confronting the security vulnerabilities in our essential systems, so other critical targets must take notice, and make sure they have advanced detection tools in place. Organisations must be able to reduce the time it takes them to spot threats to mitigate the impact of ransomware, using the latest technologies to stay one step ahead of the latest threats.”

According to Joseph Carson, chief security scientist at ThycoticCentrify, “this latest ransomware incident demonstrates that you might have deployed the latest software and hardware, but falling short on security best practices still leaves organisations exposed to becoming ransomware victims.

“While using the latest software is a good start, but using it alone is not enough. You must also ensure that the systems are hardened, secured, and patched along with strong privileged access security to make it difficult for ransomware attackers,” he added.

Image Source: Northern Railway

Copyright Lyonsdown Limited 2021

Top Articles

Is your security in need of an update this Cybersecurity Awareness month?

Cyber security experts tell teiss about the evolving threat landscape and how organisations can bolster their cyber security defenses

A new case for end-to-end encryption

How a hacker group got hold of calling records and text messages deploying highly sophisticated tools that show signs of originating in China

Telcos in Europe put muscle behind firewalls as SMS grows

Messaging is set to be one of the biggest traffic sources for telcos worldwide prompting them to protect loss of revenue to Grey Route practices 

Related Articles

[s2Member-Login login_redirect=”https://www.teiss.co.uk” /]