Ransomware Suspected in Man United Attack

Security experts have suggested the cyber-attack that hit Manchester United late last week could be ransomware.

A brief statement issued on Friday evening confirmed that an incident had taken place, but added few details.

“The club has taken swift actions to contain the attack and is currently working with expert advisers to investigate the incident and minimize the ongoing IT disruption,” it noted.

“Although this is a sophisticated operation by organized cyber-criminals, the club has extensive protocols and procedures in place for such an event and had rehearsed for this risk. Our cyber-defenses identified the attack and shut down affected systems to contain the damage and protect data.”

The club added that its website and app remained unaffected by the attack and that it is “not currently aware” of any breach of personal data belonging to fans or customers.

“All critical systems required for matches to take place at Old Trafford remain secure and operational and tomorrow’s game against West Bromwich Albion will go ahead,” it added.

Jon Niccolls, EMEA & APAC incident response lead at Check Point, praised the club for responding swiftly to the attack.

“It isn’t clear what type of attack hit the club, but as its statement mentioned that it ‘shut down affected systems to contain the damage and protect data,’ this suggests ransomware, and possibly a double extortion attack where the attackers both steal data with the threat of leaking it, as well as encrypting it to disrupt operations,” he added.

“These are a fast-growing trend in 2020, and organizations such as football clubs are a prime target as their systems hold the details of hundreds of thousands of people including fans, employees, players as well as sensitive business and payment data.”

Sam Curry, chief security officer at Cybereason, said firms need to improve security hygiene and employee awareness to improve resilience against such attacks.

“Secondly, companies need to deploy around the clock threat hunting capabilities. They also need to deploy newer anti-ransomware software and advanced detection and response software (XDR) in order to be able to detect in real time when malicious behavior is occurring inside their network,” he added.

“Too often, cyber-criminals penetrate a network and then steal credentials and essentially impersonate employees that have been authorized, and unbeknownst to them, they are stealing proprietary data for weeks or months completely undetected.”
