U.K. soccer club Manchester United has been forced to take some systems offline following a cyberattack.

The attack occurred Friday evening U.K. time Nov. 20. The club described the attack only as “a sophisticated operation by organized cybercriminals.”

Manchester United said in a statement Nov. 20 that it had extensive protocols and procedures in place for such an event and had rehearsed for this risk. It added that “our cyber defenses identified the attack and shut down affected systems to contain the damage and protect data.”

Media channels including the club’s website, mobile app and streaming service were unaffected by the attack and no personal data is believed to have been stolen.

Manchester United didn’t release details on what the attack involved, but The Sun today quoted an expert as saying the attack bears “hallmarks of Russian or Chinese hackers.” The fact that the attack came before a game is also claimed by the expert to suggest that “the intention was to cause chaos for the club.”

Without any details on the attack, suggesting it was Russian or Chinese hackers is pure speculation. It could have been North Korean or Iranians hackers as well. The four countries dominate the list of advanced persistent threat groups.

But the attack does sound like ransomware given that the response of the club was to shut down affected systems immediately. That’s a standard response to stopping ransomware from spreading across a network. A ransomware attack is also the sort of attack that an organization, enterprise or in this case a club would rehearse for.

“The club responded very quickly to shut down the attack and to communicate with its key stakeholders and the [U.K.] Information Commissioners Office,” Jon Niccolls, an incident response lead at cybersecurity solutions provider Check Point Software Technologies Ltd., told SiliconANGLE. “It’s an excellent example of how to implement a detailed incident response plan.”

Niccolls also agrees that the attack was likely ransomware, noting that it may have been a “double extortion” attack where the attackers both steal data and encrypt it to disrupt operations.

“These are a fast-growing trend in 2020 and organizations such as football clubs are a prime target as their systems hold the details of hundreds of thousands of people including fans, employees, players as well as sensitive business and payment data,” Niccolls explained. “We would urge all organizations to follow the club’s example and build a strong defense that combines technology and processes: solutions that can prevent these attacks and prevent data leaks and training for employees about the risks of phishing emails, as this is how many ransomware attacks are launched.”

Image: Tinthethao