Friday, July 23, 2021

Amey suffers from a cyberattack


UK’s prominent infrastructure management company Amey has been hit by the Mount Locker ransomware group in what the company has called a “complex” cyber attack. 

Amey was hit by a cyber attack in December, it has emerged. 

Amey Plc, the British giant providing infrastructure support services to both regulated and public sectors, suffered a ransomware attack in mid-December 2020.

The group behind this data breach is Mount Locker, which has been known to demand multi-million dollar ransom payments from its victims in the past.

According to the Reports website, which first published details of the incident, the company was targeted by hackers using ransomware in mid-December. They started posting documents including correspondence the firm had with government departments online just after Christmas.  

A subsidiary of Spanish multinational Ferrovial, Amey is one of the largest British firms serving public and regulated sectors, such as defense, railways, and power, some of which constitute the UK’s critical infrastructure.

The $2 billion company employs over 19,000 people and is heavily involved in areas of civil engineering, transportation, aerial surveillance (i.e. via unmanned vehicles), defense, power, and waste management.

As of 2019, Amey operates the London Docklands Light Railway (DLR) line and Manchester Metrolink trams. In collaboration with Keolis, Amey also operates Transport for Wales Rail Services.

Ransomware op leaks confidential documents

Around December 16th, 2020, the Mount Locker ransomware group breached Amey’s computer systems.

As observed on December 26th, the group started publishing Amey’s proprietary data in parts on their leak site.

The leaked documents present in the dump include contracts, financial documents including bank statements and loan records, confidential partnership agreements, NDAs, correspondence between Amey and UK government departments and councils, scans of passports, driving licenses, and identity documents of company employees and directors, financial reports, employment records (new hire offers and resignation letters), technical blueprints (of Manchester Metrolink railways, for example), meeting minutes, etc.

Leaked data dump contains identity documents of Directors and employees

Exposed data mention Amey’s subsidiaries

It is worth mentioning that a fair number of documents and contracts present in the dump mention Amey Defence Services Ltd as one of the contracting parties.

Formerly known as CarillionAmey (Housing Prime) Ltd, Amey Defence Services is the private arm of Amey that provides infrastructure management and support services to military establishments including the British Armed Forces.

However, Amey has clarified in an email that this incident did not impact Amey’s Defence IT environment and that Amey Defence data is stored separately in the Defence IT Environment.

Likewise, some agreements were made between third parties and Amey’s civil engineering consultancy Amey Ow Ltd, which serves clients in the fields of aviation, central government, defense, education, local government, and rail and highway.

Other Amey company documents present in the leaked data set concern smaller subsidiaries such as Amey Utility Services Ltd, which provides services to the British water and power sector.

At the time of our initial reporting, less than 5% of the data had been leaked in a compressed archive of 416 MB by the ransomware group.

According to the threat actors, as of January 3, 2020, the size of the entire stolen data set is 143 GB, of which about half (65 GB) has now been published on the leak site.

Ransomware ops leak 50% (65 GB) of the total 143 GB of data

Ransomware operators typically start leaking data in parts when they fail to negotiate a ransom amount with the victims during the early stages of a cyberattack. This is yet another tactic employed by the threat actors in extorting money from the affected party.

In other cases, the threat actors may choose to quietly auction the customer data on darknet forums instead of leaking it, should the victim refuse to pay the ransom.

Thus far, we are not aware of any ongoing negotiations taking place between Amey and Mount Locker pertaining to the ransom amount.

An “IT security incident”

When asked for details concerning the cyberattack, an Amey spokesperson said:

“On 16th December Amey became aware of a complex IT security incident during which a portion of our data was compromised.

Security Report has reported the incident to the Information Commissioner’s Office, the National Centre for Cyber Security, and the National Crime Agency.”

The company also states the cyber attack was spotted early on and that they are striving to minimize any disruptions caused.

“Amey has comprehensive tracking software and virus mitigation strategies meaning the incident was caught early.

We have been working with world-leading cyber-security experts throughout this incident and continue to work with clients to keep any disruption to a minimum,” an Amey spokesperson said.

Although the company has promptly reported the cyber attack to relevant UK authorities including the ICO, NCSC, and NCA, it may take some time for Amey to assess the full impact of this cyber attack on their clients and partners, and for more details to be known.

Priyanshu Vijayvargiya
Founder and Editor-in-Chief of 'Virtualattacks Inc' Priyanshu Vijayvargiya is a cybersecurity analyst, Information Security professional, developer, and a white hat hacker.

