Print Article

EXCLUSIVE: Manchester United face £15MILLION fine if they pay hackers holding them to ransom as club call in experts to try and fight off the virus crippling their systems... and a FURTHER £18m charge could arrive if fans' data protection is breached


Manchester United face a huge fine of up to £15million if they give in to the demands of cyber hackers holding the club to ransom.

The ‘double whammy’ threat emerged as United continued to fight off the sophisticated ransomware attack that has crippled the club’s systems for more than a week, as exclusively revealed by Sportsmail.

United are already faced with a ransom demand that is believed to run into millions of pounds – or risk the possibility of highly sensitive information being leaked into the public domain.

However if they pay the hackers to call off the attack, United could fall foul of new US legislation that is punishable by a fine of up to $20m (£15m).

Although United are a UK-based company, the Glazer-owned club are listed on the New York Stock Exchange and therefore subject to US law. Their share price dropped on Friday in the wake of Sportsmail’s revelations.

The US Treasury Department announced last month that any organisations meeting the ransom demands of hackers who appear on their global hit list risk incurring a hefty financial penalty – even if the victims are not aware of the criminals’ identity.

The list includes the Russian cybercrime gang Evil Corp, the North Korean Lazarus Group and SamSam ransomware attacks emanating from Iran.

The US Office of Foreign Assets Control, an arm of the treasury, warned that paying the ransom demand would only boost the criminals’ finances and encourage them to strike again elsewhere.

The OFAC statement read: ‘Companies that facilitate ransomware payments to cyber actors on behalf of victims, including financial institutions, cyber insurance firms, and companies involved in digital forensics and incident response, not only encourage future ransomware payment demands but also may risk violating OFAC regulations.

‘Facilitating a ransomware payment that is demanded as a result of malicious cyber activities may enable criminals and adversaries with a sanctions nexus to profit and advance their illicit aims.

‘For example, ransomware payments made to sanctioned persons or to comprehensively sanctioned jurisdictions could be used to fund activities adverse to the national security and foreign policy objectives of the United States.

‘Ransomware payments may also embolden cyber actors to engage in future attacks.’

OFAC and the UK’s National Cyber Security Centre have also warned organisations there is no guarantee criminals will keep their word if the demands are met.

This may include not handing back sensitive information they have encrypted or leaking it on the internet.

The threat of a US fine is another headache for United in addition to the threat of a penalty of up to £18m from the independent UK Government body, Information Commissioner’s Office, if the data protection of their huge fanbase has been breached – although the club are not aware that is has.

It read: ‘We are aware of an incident affecting Manchester United Football Club and have been working with law enforcement partners in response.’

It’s understood the NCSC became involved after United contacted police following the attack nine days ago. The club have since been following a ransom protocol, but it is unclear if they will pay up.

The attack is believed to have come from an email phishing scam although United will not confirm it is ransomware, and are not commenting on the identity of the hackers or their motives.

The club’s computer network is still down and staff are unable to access their company email accounts.

However, United insist the disruption has been minor and not affected matchday operations, with two home games taking place since the attack. They also pointed out that the club’s media channels and ecommerce operations have continued to operate smoothly.


The Team

Meet the team of industry experts behind Comsure

Find out more

Latest News

Keep up to date with the very latest news from Comsure

Find out more


View our latest imagery from our news and work

Find out more


Think we can help you and your business? Chat to us today

Get In Touch

News Disclaimer

As well as owning and publishing Comsure's copyrighted works, Comsure wishes to use the copyright-protected works of others. To do so, Comsure is applying for exemptions in the UK copyright law. There are certain very specific situations where Comsure is permitted to do so without seeking permission from the owner. These exemptions are in the copyright sections of the Copyright, Designs and Patents Act 1988 (as amended)[]. Many situations allow for Comsure to apply for exemptions. These include 1] Non-commercial research and private study, 2] Criticism, review and reporting of current events, 3] the copying of works in any medium as long as the use is to illustrate a point. 4] no posting is for commercial purposes [payment]. (for a full list of exemptions, please read here]. Concerning the exceptions, Comsure will acknowledge the work of the source author by providing a link to the source material. Comsure claims no ownership of non-Comsure content. The non-Comsure articles posted on the Comsure website are deemed important, relevant, and newsworthy to a Comsure audience (e.g. regulated financial services and professional firms [DNFSBs]). Comsure does not wish to take any credit for the publication, and the publication can be read in full in its original form if you click the articles link that always accompanies the news item. Also, Comsure does not seek any payment for highlighting these important articles. If you want any article removed, Comsure will automatically do so on a reasonable request if you email