Hundreds of touchscreen ticket machines are offline after a ransomware attack

Over 600 touchscreen ticket machines have been disrupted by a ransomware attack just two months after they were installed at stations across the north of England.
Written by Danny Palmer, Senior Writer

An apparent ransomware attack has resulted in hundreds of self-service ticket machines across the network being taken offline across the north of England. 

Customers who need to use the Northern rail company, which serves towns and cities across northern England, are urged to use the mobile app, website or ticket offices while the ticket machines remain disrupted. The attack comes just two months after 600 Northern-operated touchscreen ticket machines were installed at 420 stations across the region. 

"Last week we experienced technical difficulties with our self-service ticket machines, which meant all have had to be taken offline," a spokesperson for Northern told ZDNet. 

"This is the subject of an ongoing investigation with our supplier, but indications are that the ticket machine service has been subject to a ransomware cyberattack." 

SEE: Network security policy (TechRepublic Premium)

It hasn't been detailed what form of ransomware Northern, which is government run, might have fallen victim to or how cyber criminals may have compromised the network, but the company says that "swift action" taken alongside payment and ticketing systems supplier Flowbird means the incident has only affected the servers that operate the ticket machines. 

"The issue was first identified through cyber-monitoring systems and our initial investigations indicated that the service may have been subject to a cyberattack," a Flowbird spokesperson told ZDNet.

Both Northern and Flowbird say no customer information or payment data has been compromised by the attack.

"We are working to restore normal operation to our ticket machines as soon as possible. We are sorry for any inconvenience this incident causes," said the Northern spokesperson.  

SEE: Ransomware: Paying up won't stop you from getting hit again, says cybersecurity chief

There's currently no indication as to when the self-service ticket machines will be restored or if Northern or Flowbird have been contacted by the cyber criminals behind the ransomware attack, or if a ransom demand has been made. 

Ransomware attacks, where cyber criminals hack into networks, encrypt data and demand payment in exchange for the decryption key, have been a major cybersecurity problem during 2021. Such is the extent of the issue that world leaders discussed ransomware at last month's G7 summit. 


Editorial standards