Friday, October 15, 2021

Amey suffers from a cyberattack


Amey, a prominent UK infrastructure management company, has been hit by the Mount Locker ransomware group in what the company has called a “complex” cyber attack.

Amey was hit by a cyber attack in December, it has emerged. 

Amey Plc, the British giant providing infrastructure support services to both regulated and public sectors, suffered a ransomware attack in mid-December 2020.

The group behind this data breach is Mount Locker, which has been known to demand multi-million dollar ransom payments from its victims in the past.

According to the Reports website, which first published details of the incident, the company was targeted by hackers using ransomware in mid-December. They started posting documents, including correspondence the firm had with government departments, online just after Christmas.

A subsidiary of Spanish multinational Ferrovial, Amey is one of the largest British firms serving public and regulated sectors, such as defense, railways, and power, some of which constitute the UK’s critical infrastructure.

The $2 billion company employs over 19,000 people and is heavily involved in areas of civil engineering, transportation, aerial surveillance (i.e. via unmanned vehicles), defense, power, and waste management.

As of 2019, Amey operates the London Docklands Light Railway (DLR) line and Manchester Metrolink trams. In collaboration with Keolis, Amey also operates Transport for Wales Rail Services.

Ransomware op leaks confidential documents

Around December 16th, 2020, the Mount Locker ransomware group breached Amey’s computer systems.

As observed on December 26th, the group started publishing Amey’s proprietary data in parts on their leak site.

The leaked documents present in the dump include contracts, financial documents including bank statements and loan records, confidential partnership agreements, NDAs, correspondence between Amey and UK government departments and councils, scans of passports, driving licenses, and identity documents of company employees and directors, financial reports, employment records (new hire offers and resignation letters), technical blueprints (of Manchester Metrolink railways, for example), meeting minutes, etc.

Leaked data dump contains identity documents of directors and employees

Exposed data mention Amey’s subsidiaries

It is worth mentioning that a fair number of documents and contracts present in the dump mention Amey Defence Services Ltd as one of the contracting parties.

Formerly known as CarillionAmey (Housing Prime) Ltd, Amey Defence Services is the private arm of Amey that provides infrastructure management and support services to military establishments including the British Armed Forces.

However, Amey has clarified in an email that this incident did not impact Amey’s Defence IT environment and that Amey Defence data is stored separately in the Defence IT Environment.

Likewise, some agreements were made between third parties and Amey’s civil engineering consultancy Amey Ow Ltd, which serves clients in the fields of aviation, central government, defense, education, local government, and rail and highway.

Other Amey company documents present in the leaked data set concern smaller subsidiaries such as Amey Utility Services Ltd, which provides services to the British water and power sector.

At the time of our initial reporting, less than 5% of the data had been leaked in a compressed archive of 416 MB by the ransomware group.

According to the threat actors, as of January 3, 2020, the size of the entire stolen data set is 143 GB, of which about half (65 GB) has now been published on the leak site.

Ransomware ops leak 50% (65 GB) of the total 143 GB of data

Ransomware operators typically start leaking data in parts when they fail to negotiate a ransom amount with the victims during the early stages of a cyberattack. This is yet another tactic the threat actors use to extort money from the affected party.

In other cases, should the victim refuse to pay the ransom, the threat actors may choose to quietly auction the customer data on darknet forums instead of leaking it.

Thus far, we are not aware of any ongoing negotiations taking place between Amey and Mount Locker pertaining to the ransom amount.

An “IT security incident”

When asked for details concerning the cyberattack, an Amey spokesperson said:

“On 16th December Amey became aware of a complex IT security incident during which a portion of our data was compromised.

Security Report has reported the incident to the Information Commissioner’s Office, the National Centre for Cyber Security, and the National Crime Agency.”

The company also states the cyber attack was spotted early on and that they are striving to minimize any disruptions caused.

“Amey has comprehensive tracking software and virus mitigation strategies meaning the incident was caught early.

We have been working with world-leading cyber-security experts throughout this incident and continue to work with clients to keep any disruption to a minimum,” an Amey spokesperson said.

Although the company has promptly reported the cyber attack to relevant UK authorities including the ICO, NCSC, and NCA, it may take some time for Amey to assess the full impact of this cyber attack on their clients and partners, and for more details to be known.

Priyanshu Vijayvargiya
Founder and Editor-in-Chief of 'Virtualattacks Inc' Priyanshu Vijayvargiya is a cybersecurity analyst, Information Security professional, developer, and a white hat hacker.
