After it emerged Manchester United have fallen victim to a computer virus attack, Sportsmail spoke to a cyber-security expert about the dilemma now facing the club…
The fact that this is still going on a week after the first attack proves it’s sophisticated, not some little virus that has got in.
Manchester United are in big trouble and it makes me think this is bigger than they’re letting on. There are no good news stories coming out. It’s the embarrassment as well. They’re the biggest club in the world and someone has pulled their pants down.
If the virus is ransomware there will be a demand for money. I would put my house on it being in the millions, and 99 times out of 100 it’s Bitcoin (cryptocurrency) because that is the hardest to trace.
Gone are the days of a brown envelope being left on a park bench for someone to pick up or transferring money to offshore accounts. At state level — US or UK cyber-security — Bitcoin can be traced but the cyber-guys at United are not going to have that ability.
Most of the people who do this stuff are clever. They don’t ask for £1billion because they know United can’t pay that. It’s a bit like a kidnap ransom.
They will ask for a substantial amount and know what the club can and can’t pay. I’m confident United have £5m in the bank and can pay pretty quickly if they have to.
I’m 99 per cent certain this is an organised crime gang. It could be a 16-year-old kid sat in his pants in his bedroom who has nothing better to do than hack into the Pentagon, or it could be the Russians or corporate espionage — a rival club trying to devalue United’s share price and divert their focus from what they’re trying to do on the pitch — but I doubt it.
If they’ve encrypted United’s data — converting it to code or symbols to ensure it cannot be understood — they will say to the club: ‘If you don’t pay the ransom, we’re not going to lift the encryption.’
United may be trying to negotiate or stall while their people attempt to decrypt it. But the fact that it’s gone on so long makes me think there’s a strong encrypted algorithm in place on the network and United are never getting through that. Never. Not unless you’re at state level. You’ve basically got to write that off.
United will probably have a back-up system, but if the hackers have managed to download confidential data there are still various things they can do with it.
They could say: ‘We’ve got all this personal data of your staff, your players, your fans — phone numbers, emails, passwords — and we’re going to put it online.’
Sometimes they sell it but often they put it online just for the embarrassment. Players’ personal info, salaries, addresses, phone numbers and injury records could all potentially be leaked.
If you don’t want that to happen then you pay the ransom. The majority of criminals stick to their word and give you the encryption key once the ransom has been paid. They know the next target won’t listen to them if they don’t keep their promise.
It would be interesting to find out how this happened. Has a member of staff clicked on a link or is there a vulnerability in the system that the hackers exploited? I think the system is probably not correct for what United need.
There isn’t usually too much warning. If the business is attacked, normally there is a page in front of you saying your device has been encrypted, transfer x amount to this Bitcoin wallet.
It will have been on the network for a couple of days doing what it needs to do and then the systems will be shut down and the shutters come down.
There’s no phone call or verbal communication. A little face or symbol will appear telling you that your system is being attacked by group A, B or C, so pay this amount to unencrypt it.
There may be contact details — as in some sort of chatroom or email address — but it will be encrypted like Proton Mail. Nine times out of 10 it’s just a screen.
United should be insured. Cyber-insurance is the biggest growing insurance in Lloyd’s. Whether that includes ransomware payments, I don’t know. It generally doesn’t.
At director level, this is probably the last thing they need with the lack of finances due to the pandemic and no fans in the stadium.