Manchester United defends close goal of cyber attackers in recent ransomware event

Opt-in to Cyber Safety. Multiple layers of protection for your devices, online privacy and more.

Manchester United confirmed it had experienced a cyber attack on Friday evening, but stated that its defensive IT formation had identified the attack, shutting down impacted systems to contain the event and protect data. One of the key points of Manchester United’s online statement was its affirmation that it had “extensive protocols and procedures in place for such an event and had rehearsed for this risk“, allowing the team to go ahead with its match against West Bromwich Albion and to ensure all club media channels were unaffected. These ‘cyber fire drills‘ are clearly becoming ever more vital to ‘big game targets‘ and Manchester United appears to have benefited from such preparedness.

Ranking third in the world out of the most valuable football teams, with a total valuation of more than £2.9 billion, the attack on Manchester United is a further example of the rising number of ransomware attacks worldwide during the pandemic, with a particular uptick in big-game hunting and the corresponding value of ransom demands.

Recent investigations have highlighted that the number of distributed denial-of-service (DDoS) attacks observed in the third quarter of 2020 was four times higher than the first quarter of 2020 (Cloudfare). Further, CrowdStrike identified that 39% of UK organisations suffered a ransomware attack in the last 12 months and that on average pay USD 1.2 million, higher than the average USD 1.1 million globally. With these statistics in mind, it appears to be more important than ever that companies are prepared for such attacks, managing against the risk of exfiltration and encryption by, amongst other security protocols, partitioning and backing up systems, as well as understanding the legality and regulatory position of making ransomware payments.

Recently, a survey by CrowdStrike also revealed that UK businesses are paying more ransom to cybercriminals than their peers in other parts of the world.

The study found that 39 per cent of UK organisations have suffered a ransomware attack in the last 12 month, and they paid approximately £940,000 ($1.2 million) ransom on average – higher than the global average of $1.1 million.