Disruption Continues Two Weeks After Manchester United Cyber-Attack

Manchester United has confirmed it was hit by a “sophisticated” cyber-attack, but declined to say whether it was being subjected to ransom demands.

The football club said late on Friday that the attack two weeks ago was still causing disruption, but said it would not comment on “speculation”.

The Daily Mail reported that hackers have demanded “millions of pounds” to restore access to United’s computer systems.

Such demands are common in the world of criminal ransomware, with hackers increasingly carrying out targeted attacks on high-profile organisations.

Disruption

United said it had not identified a motive for the attack and said attackers no longer had control of their systems.

A Champions League game featuring United and a Turkish side went ahead last Tuesday, with some administrative changes needed to provide entry to Old Trafford.

The issue caused the club major disruption throughout last week, including emails not working, while investigative and recovery work progressed.

GCHQ’s National Cyber Security Centre (NCSC) said it had been informed of the incident.

“We are aware of an incident affecting Manchester United Football Club and have been working with law enforcement partners in response,” the agency said.

“Following the recent cyber attack on the club, our IT team and external experts secured our networks and have conducted forensic investigations,” United said in a statement.

Personal data

“This attack was by nature disruptive, but we are not currently aware of any fan data being compromised.

“Critical systems required for matches to take place at Old Trafford remained secure and games have gone ahead as normal.

“The club will not be commenting on speculation regarding who may have been responsible for this attack or the motives behind it.”

In a recent study the NCSC found 70 percent of major sports organisations were targeted by hackers every 12 months.

The agency said it dealt with three times as many ransomware incidents this year compared with 2019 and noted that criminals are increasingly publishing sensitive corporate data if they do not receive payment.

It said “financial motive” was the primary driver of attacks on sports organisations.

“Major losses have been experienced by sports organisations as a result of bespoke attacks, where criminals have harvested information before undertaking fraudulent financial transactions,” the report found.