UK's Ticket Machines Knocked Offline By a Ransomware Attack

UK’s Ticket Machines Knocked Offline By a Ransomware Attack

Over 600 self-service ticket machines at stations across the North of England have been affected by a ransomware attack. The attack took place just two months after the machines were installed at stations across the north of England.

Northern Rail customers are being urged to use the company’s mobile app or website while the ticket machines remain offline.

The attack, which happened just two months after the Northern touchscreen ticket machines were introduced, is believed to have been hit by a ransomware threat actor.

“Last week we experienced technical difficulties with our self-service ticket machines, which meant all have had to be taken offline,” a spokesperson for Northern told ZDNet. “This is the subject of an ongoing investigation with our supplier, but indications are that the ticket machine service has been subject to a ransomware cyberattack.”

Northern Rail says that only the servers that operate the payment and ticketing machines were affected by the incident, which was swiftly dealt with by their systems supplier Flowbird.

According to Flowbird, the company detected the hack through its cyber-monitoring systems.

“The issue was first identified through cyber-monitoring systems and our initial investigations indicated that the service may have been subject to a cyberattack,” a Flowbird spokesperson told.

Northern and Flowbird say they did not find evidence of any compromised payment or customer information following the attack.

“We are working to restore normal operation to our ticket machines as soon as possible. We are sorry for any inconvenience this incident causes,” said the Northern spokesperson.

There’s no indication when the self-service tickets will be restored or if the attackers have contacted Northern or Flowbird to seek a ransom.

Ransomware attacks, which are becoming more prevalent, have been a major threat area for 2021, leading to discussions about ransomware by world leaders at the last month’s G7 summit. 

About the author

CIM Team

CIM Team

CyberIntelMag is the trusted authority in cybersecurity, comprised of leading industry experts for over 20 years, dedicated to serving cybersecurity professionals. Our goal is to provide a one-stop shop for knowledge and insight needed to navigate throughout today’s emerging cybersecurity landscape through in-depth coverage of breaking news, tutorials, product reviews, videos and industry influencers.