Northern Trains' ticketing system out to lunch as ransomware attack shuts down servers

£17m on shiny new Flowbird touchscreen kiosks well spent, apparently


Publicly owned rail operator Northern Trains has an excuse somewhat more technical than "leaves on the line" for its latest service disruption: a ransomware attack that has left its self-service ticketing booths out for the count.

"Last week we experienced technical difficulties with our self-service ticket machines, which meant all have had to be taken offline," a spokesperson for Northern Trains confirmed to The Register.

[Image: Leeds Railway Station, Leeds, UK, on April 12th 2021, the day non-essential shops reopened in the area]

"This is the subject of an ongoing investigation with our supplier, but indications are that the ticket machine service has been subject to a ransomware cyberattack. Working with the supplier, we took swift action and the incident has only affected the servers which operate the ticket machines. Customer and payment data has not been compromised."

A representative for Northern Trains referred further questions on to Flowbird Transport, which provides the ticketing system in question, telling us "it's their system that's been affected."

Northern Trains partnered with Flowbird in a £17m-and-counting scheme to update its self-service ticketing facilities in 2016. Through that partnership the pair reported installing 621 of Flowbird's machines at 420 stations as of May this year.

"We are working to restore normal operation to our ticket machines as soon as possible," Northern Trains' spokesperson continued. "We are sorry for any inconvenience this incident causes and, in the meantime, are advising customers to either use Northern's mobile app or website to purchase tickets in advance and, where necessary, to collect those from one of our ticket offices. Of course, those offices can also be used to buy tickets.

"Customers who have already bought tickets to be collected at a machine, or who would normally use 'promise to pay' slips, should board their booked service and either speak to the conductor or to Northern staff at their destination station."

The publicly owned Northern Trains took over the operation of the Northern rail franchise from Arriva Rail North in March last year, after poor performance from the previous franchise holder gave the government cause to step in.

Northern Trains' public-facing news page failed to mention any ransomware attack but blamed the ongoing outage on unspecified "technical difficulties."

"An issue was recently identified which impacted our TVM services for one customer (Northern)," a Flowbird spokesperson confirmed in a statement on the ransomware attack. "The issue was first identified through cyber monitoring systems and our initial investigations indicated that the service may have been subject to a cyber-attack.

"We immediately instigated our major incident procedure in order to protect other parts of the network and our checks have shown there has been no compromise to any personal data. The TVM [Ticket Vending Machine] network has been taken offline as a precautionary measure and we are working with our customer in order to restore services as soon as possible."

Flowbird did not confirm whether it had alerted authorities to the breach.

Charlie Smith, consulting solutions engineer at Barracuda Networks, said the latest incident is a "stark reminder" that businesses of all shapes and sizes can fall under the watchful eye of infosec criminals.

"[R]egularly reviewing and testing your data regulation practices is essential to ensure all IT staff are comfortable in running a full system recovery for software and data that is critical to a business functioning, especially during the summer months when many people are taking holiday.

"The only way to recover quickly and easily from a ransomware attack is to remove all infected data and run full system and virtual machine level recoveries of the web servers and IT systems which have been exploited." ®
