People seeking information today about the Luas light rail system in Dublin may have encountered a message threatening to “publish all data and send emails to your users” unless a ransom of one Bitcoin (worth about $3850) is paid, RTE reports.
That message has now been obscured and replaced by a server timeout message. Nevertheless, the site, luas.ie, is expected to be down for the rest of the day.
According to a report in The Irish Examiner, the attacker allegedly stated that he or she had warned Luas operators previously that the Luas site had “serious security holes.”
Cybersecurity researchers from the firm Smarttech 247 believe the Luas system was probably infected via ransomware, which is most often distributed through emails containing infected links.
“These are primarily spreading via email where they appear to be a Microsoft document (word, excel). The Ransomware will attack any server or computer which does not have adequate protection and this includes web servers that host websites and applications,” says Smarttech 247 CEO Ronan Murphy.
The company is advising all businesses and members of the public to ensure they are properly protected.
Like many other cybersecurity researchers, Murphy says ransomware attacks are increasing:
“Although it’s only three days into the new year Smarttech247 team have already seen a sharp rise in ransomware attacks.”
Ransomware can be purchased on the Dark Net, as can the key personal emails often used to distribute it.
Emails are sometimes carefully targeted and other times sent out in wide swathes. Generic malign emails may entice recipients to click on infected links by threatening them, warning them of some dire consequence or claiming there is sensitive info contained in the link.
Other ransomware and malware attacks may be tailored to fool key individuals who have plum access to high-profile or lucrative targets.
For example, hackers once designed a fake dog show website and sent a customized “invite” to a cryptocurrency exchange employee who was a known dog lover.
The employee clicked on the “dog show link,” which infected the entire workplace computer system. Cryptocurrency was eventually stolen from the exchange.
Experts warn people never to open suspicious emails nor links.
The Luas ransomware attack appears to have locked or encrypted the site and possibly the personal data of site users.
Cryptocurrency ransoms have serious advantages over traditional ransoms, which must either be paid in person or through highly-monitored banking systems.
Bitcoin and other cryptocurrency ransoms, on the other hand, can be transmitted and managed more or less anonymously, which is why these types of ransom demands are factoring more and more into various crimes, including kidnappings in some regions.
Luas managers have tweeted that technicians are working on the issue and have advised riders not to use the website for the time being:
Due to an ongoing issue, please do not click onto the Luas website. We currently have technicians working on the issue. We will be using this forum only for travel updates should the need arise. For any queries, please contact our customer care number on 1850 300 604.
— Luas (@Luas) January 3, 2019