Manchester United are being held to ransom for millions of pounds by cyber criminals who have crippled the club’s systems, according to Sportsmail.
United have brought in a team of technical experts to contain the potentially ‘disastrous’ attack that was launched more than a week ago.
But it’s understood the hackers still have United in their grip after the National Cyber Security Centre on Thursday night confirmed they are helping the club to resolve the crisis.
It said: ‘The NCSC is aware of an incident affecting Manchester United Football Club and we are working with the organisation and partners to understand impact.’
The embarrassing lapse of security at one of the world’s biggest sports clubs is believed to be far more serious than first feared.
United’s network has been infected by ransomware – a computer virus – and they now face the option of having to pay up or risk seeing highly sensitive information about the club and its stars leaked into the public domain.
It’s unclear who the criminals are or how much they want, but the NCSC revealed that in the last year an EFL club were hit with a £5m demand and the biggest single loss to a sports organisation from cyber crime was £4m.
United could also face fines of £9m, £18m or two per cent of their total annual worldwide turnover from the independent government body Information Commissioner’s Office if the attack is found to have breached their fans’ data protection – although the club on Thursday night reassured supporters that is not the case.
United also insist the attack will not impact match-day operations. The next home game is against Paris Saint-Germain in the Champions League on Wednesday night.
A statement on Thursday night read: ‘Following the recent cyber attack on the club, our IT team and external experts secured our networks and have conducted forensic investigations.
‘This attack was by nature disruptive, but we are not currently aware of any fan data being compromised.
‘Critical systems required for matches to take place at Old Trafford remained secure and games have gone ahead as normal.
‘The club will not be commenting on speculation regarding who may have been responsible for this attack or the motives behind it.’
The NCSC warned about the increased threat to the £37billion sports industry from cyber criminals in July, including the more remote possibility of being targeted by nation states such as Russia.
It revealed that the unknown EFL club received a £5m ransom demand after its systems were crippled. The club refused to pay up and were unable to operate their CCTV and stadium turnstiles, almost resulting in a match being postponed.
In another sting, the email of a Premier League managing director was hacked by criminals who narrowly failed to sabotage a transfer deal with a European club and divert the £1m fee into their own bank account.
When sensitive information from Manchester City’s company emails was leaked in 2018, it led to a £9m fine for breaking Financial Fair Play rules and a two-year Champions League ban that was later overturned.
The hackers are demanding cash to release their grip on United
‘Since 2018, ransomware attacks have been growing in impact. The criminals carrying out the attacks are taking more time to analyse victim networks and understand the ‘value’ of the target organisation.
‘Using network analysis and lateral movement within the victim’s network, attackers try to ensure they have maximum impact on the victim organisation – potentially denying access to business-critical files and systems.
‘Keep safe back-ups of important files. Even if you decide to pay the ransom, there is no guarantee that you will get access to your computer, or your files.’
The report revealed that 70 per cent of sports organisations had experienced cyber incidents in the previous year – double the average for UK businesses.
NCSC director of operations Paul Chichester said: ‘Sport is a pillar of many of our lives and we’re eagerly anticipating the return to full stadiums and a busy sporting calendar.
‘While cyber security might not be an obvious consideration for the sports sector as it thinks about its return, our findings show the impact of cyber criminals cashing in on this industry is very real.
‘I would urge sporting bodies to use this time to look at where they can improve their cyber security – doing so now will help protect them and millions of fans from the consequences of cyber crime.’