Hackers defaced Dublin Luas website and demand ransom

The website of the tram system in Dublin, the Luas, was hacked on Thursday, attackers claim to have the access to information stored on the organization’s systems.

Attackers defaced the website of the Luas, the home page displayed a message demanding the payment of 1 bitcoin. The hackers asked the payment within 5 days threatening to “publish all data and send emails to users” if the demand is not satisfied.

“Some time ago I wrote that you have serious security holes. You didn’t reply. The next time someone talks to you, press the reply button,” reads the message left by the attackers on the website.

Luas initially warned customers of the hack and invited them to avoid accessing the website “due to an ongoing issue,” the organization later confirmed that the website was compromised.

At the time of writing, the website of the Luas is still offline. the analysis of the bitcoin address provided by the attackers confirmed that organization did not pay the ransom.

It is not clear if the hackers have stolen data, Luas only collect some specific customers’ data, including name, mobile phone number, and email address.

The compromised site doesn’t contain financial data because customers buy tickets on a different website (payments[.]luas.ie) that was not affected by the hack.

In 2016, another public transport system was hacked, a ransomware infected the San Francisco’s transport system.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – defacement, hacking)

[adrotate banner=”5″] [adrotate banner=”13″]