UK

Manchester United are being held to RANSOM for millions of pounds by cyberhackers

Manchester United are being held to ransom for millions of pounds by cyber criminals who have crippled the club’s systems, Sportsmail can reveal.

United have brought in a team of technical experts to contain the potentially ‘disastrous’ attack that was launched more than a week ago.

But it’s understood the hackers still have United in their grip after the National Cyber Security Centre on Thursday night confirmed they are helping the club to resolve the crisis.

Manchester United’s computer systems are still under the control of cyber hackers

These are worrying times for Manchester United executive vice-chairman Ed Woodward

United are being held to ransom by the cyber attackers for millions of pounds

The hackers are demanding cash to release their grip on United (the club’s executive vice-chairman Ed Woodward is pictured left)

It said: ‘The NCSC is aware of an incident affecting Manchester United Football Club and we are working with the organisation and partners to understand impact.’

The embarrassing lapse of security at one of the world’s biggest sports clubs is believed to be far more serious than first feared.

United’s network has been infected by ransomware – a computer virus – and they now face the option of having to pay up or risk seeing highly sensitive information about the club and its stars leaked into the public domain.

It’s unclear who the criminals are or how much they want, but the NCSC revealed that in the last year an EFL club were hit with a £5m demand and the biggest single loss to a sports organisation from cyber crime was £4m.

United could also face fines of £9m, £18m or two per cent of their total annual worldwide turnover from the independent government body Information Commissioner’s Office if the attack is found to have breached their fans’ data protection – although the club on Thursday night reassured supporters that is not the case.

United also insist the attack will not impact match-day operations. The next home game is against Paris Saint-Germain in the Champions League on Wednesday night.

A statement on Thursday night read: ‘Following the recent cyber attack on the club, our IT team and external experts secured our networks and have conducted forensic investigations.

United feared their game at Old Trafford against West Brom would have to be called off after the initial cyber breach

United feared their game at Old Trafford against West Brom would have to be called off after the initial cyber breach

The Premier League outfit insist the attack won't have an impact on match-day operations

The Premier League outfit insist the attack won’t have an impact on match-day operations

Marcus Rashford celebrates scoring in Tuesday night's 4-1 win over Istanbul Basaksehir

Marcus Rashford celebrates scoring in Tuesday night’s 4-1 win over Istanbul Basaksehir

‘This attack was by nature disruptive, but we are not currently aware of any fan data being compromised.

‘Critical systems required for matches to take place at Old Trafford remained secure and games have gone ahead as normal.

‘The club will not be commenting on speculation regarding who may have been responsible for this attack or the motives behind it.’

The NCSC warned about the increased threat to the £37billion sports industry from cyber criminals in July, including the more remote possibility of being targeted by nation states such as Russia.

It revealed that the unknown EFL club received a £5m ransom demand after its systems were crippled. The club refused to pay up and were unable to operate their CCTV and stadium turnstiles, almost resulting in a match being postponed.

Sensitive information from Manchester City's company emails was leaked two years ago

Sensitive information from Manchester City’s company emails was leaked two years ago

In another sting, the email of a Premier League managing director was hacked by criminals who narrowly failed to sabotage a transfer deal with a European club and divert the £1m fee into their own bank account.

When sensitive information from Manchester City’s company emails was leaked in 2018, it led to a £9m fine for breaking Financial Fair Play rules and a two-year Champions League ban that was later overturned.

Warning of the specific threat to sports clubs, the NCSC said: ‘The business impact of ransomware attacks can be disastrous.

‘Since 2018, ransomware attacks have been growing in impact. The criminals carrying out the attacks are taking more time to analyse victim networks and understand the ‘value’ of the target organisation.

‘Using network analysis and lateral movement within the victim’s network, attackers try to ensure they have maximum impact on the victim organisation – potentially denying access to business-critical files and systems.

‘Keep safe back-ups of important files. Even if you decide to pay the ransom, there is no guarantee that you will get access to your computer, or your files.’

Last week, a British athlete had almost 100 private images stolen from their iCloud account

Last week, a British athlete had almost 100 private images stolen from their iCloud account

The report revealed that 70 per cent of sports organisations had experienced cyber incidents in the previous year – double the average for UK businesses.

NCSC director of operations Paul Chichester said: ‘Sport is a pillar of many of our lives and we’re eagerly anticipating the return to full stadiums and a busy sporting calendar.

‘While cyber security might not be an obvious consideration for the sports sector as it thinks about its return, our findings show the impact of cyber criminals cashing in on this industry is very real.

‘I would urge sporting bodies to use this time to look at where they can improve their cyber security – doing so now will help protect them and millions of fans from the consequences of cyber crime.’

SPORT’S CYBER-ATTACK PROBLEM 

The UK’s sports industry is now under near-constant cyber-attack, according to statistics from the Government’s National Cyber Security Centre (NCSC), released this year.

United are the latest victims, with 70 per cent of sporting institutions, organisations and teams having suffered incidents of varying severity in the last 12 months – but they are the most high-profile.

The NCSC reported that one EFL club suffered a ‘significant ransomware attack’ which resulted in the loss of locally stored data in almost all of the club’s computer systems and mobile phones. They say ‘several servers were also affected, leaving the club unable to use their corporate email. The stadium CCTV and turnstiles were non-operational, which almost resulted in a fixture cancellation.’

An unnamed Premier League club came close to losing a £1m transfer fee after it was targeted, when a bank prevented the money from being stolen. One sports organisation, also unnamed, lost over £4m.

Last week, four British athletes have had intimate photographs and videos posted online in a cyber attack that has affected hundreds of female sports stars and celebrities.

‘While cyber security might not be an obvious consideration for the sports sector as it thinks about its return, our findings show the impact of cyber criminals cashing in on this industry is very real,’ said Paul Chichester, director of operations at the NCSC.

‘I would urge sporting bodies to use this time to look at where they can improve their cyber security – doing so now will help protect them and millions of fans from the consequences of cyber crime.’


Source link

Related Articles

Back to top button