Ransomware Attacks Target English Football League, Data Withheld for $3.8 Million Bitcoin
The UK National Cyber Security Centre (NCSC) has issued a warning saying that football teams are at increased risk of phishing campaigns and ransomware attacks. On July 23, the agency published a 28-page report titled (The Cyber Threat to Sports Organizations) stating that ransomware is a significant threat for sports organizations.
The National Cyber Security Centre is a UK government institution that offers support and advice for the private and public sectors on how to avoid computer security threats. The institution is based in London and started its operations in 2016.
Football Teams Have Become Perfect Targets
According to the NCSC’s report, the English Football League (EFL) club has recently become a victim of cyber-attack. The hackers encrypted all security and corporate systems of the club and demanded a ransom of 400 Bitcoins value of $3.8 million in order to release the decryption key.
Since the owners of the club refused to pay the stated amount, the hackers took revenge to further encrypt the club’s end-user devices.
It is not clear what kind of attack vector used. However, the NCSC said that the initial infection was a result of either a phishing email or accessing the club’s CCTV system remotely and installing ransomware on the system.
Since all systems at the stadium were connected to one network, the infection of the attack spread quickly. It is estimated that the club lost several hundred thousand British pounds. Many servers were also affected, thus leaving the club unable to use their corporate email.
The stadium’s turnstiles and CCTV were non-operational, an incident that nearly resulted in a cancellation and postponement of fixtures.
Paul Chichester, NCSC director of operations, stated that football clubs might not view cybercrimes as a significant threat. But it remains a serious issue for the UK’s broader cybersecurity goals.
As per the report, football clubs are on a target and, therefore, they have to take this issue seriously. The report further mentioned that hackers recently attacked a prominent Premier League club. The hackers used fake emails to steal over one million pounds before someone at the club, detecting suspicious transactions, and taking action.
Hackers are casting a wider net in hopes of infecting as many individual machines as possible. According to NCSC’s warning, over 70% of UK sports organizations have experienced cybersecurity breaches in 2020. The watchdog, therefore, recommends that football clubs must allocate resources, money, and part of their time towards protecting their data to prevent such hacks.
Fears of More Hostage Situations
Sports organizations are some of the major institutions known as financially profitable and thus are becoming valuable targets for ransomware attacks. Attacks begin with an innocent email. When someone clicks the link the email, hackers quickly take over. It works like that. Computers at organizations are locked, and the only way for workers to get back their system is to pay the attackers thousands of dollars’ worth of Bitcoin.
There is no guarantee that hackers won’t do it again. Besides hospitals, local government offices, and schools, many attacks have targeted sports organizations this year. To make the matter worse, several organizations choose not to report such incidents as they want to avoid news coverage and resorting to sending payouts to attackers.
Image source: Shutterstock