Spanish Railway Infrastructure Threatened by Ransomware

Published at: July 25, 2020

Ransomware gang REvil stole over 800 GB of data from ADIF, the Spanish state-owned railway infrastructure manager, after a successful attack deployed on their systems.

According to El Español, the authorship of the cyberattack belongs to the well-known ransomware group after they published a post on the official darknet website of REvil on July 22, who boasted of adding another victim.

The cybercriminals claimed to have caught over 800 GB in data from the servers of ADIF, although it’s not confirmed how they managed to breach the security of the railway infrastructure manager based in Madrid.

REvil didn’t disclose major information on which kind of data they stole, but a screenshot published by the gang in the blog post shows some files that could contain personal data, letters, contracts, and account information of ADIF.

The vulnerability could have not been patched yet

The report states that the ransomware gang claimed to have the capabilities to keep downloading data from ADIF’s IT systems, suggesting that the attack is still underway due to a vulnerability that hasn’t been patched so far if they don’t pay for the requested ransom, which is unknown as of press time.

However, the Spanish state-owned company issued a comment on the attack:

"At no time has the infrastructure been affected, always guaranteeing the proper functioning of all our services. Adif, aware of being the manager of a critical infrastructure such as the exploitation of the railway network, considers cybersecurity as one of the pillars of comprehensive security.”

Recently, REvil launched another series of attacks targeting three companies in the U.S. and Canada. They have leaked data from two of the companies and threatened to disclose sensitive data from the third.

Also, Cointelegraph reported on June 12 that the gang leaked sensitive documents stolen from a US-based robotics company. According to an official blog post from REvil on June 11, the team has started leaking confidential data belonging to Symbotic LLC.

Tags
Related Posts
Major Chilean bank shuts down all branches following ransomware attack
Banco Estado, the only public bank in Chile and one of the three largest in the country, had to shut down its nationwide operations on Monday due to a cyberattack that turned out to be a ransomware launched by REvil. According to a public statement, the branches will remain closed for at least one day, but clarified that customers’ funds have not been affected by the incident. Citing sources close to the investigation, ZDNet reported that the REvil ransomware gang is behind the attack. It reportedly originated from an Office document infected with the malware that an employee received and …
Technology / Sept. 8, 2020
California University Pays Million-Dollar Crypto Ransom
The University of California at San Francisco School of Medicine reportedly paid a $1.14 million ransom in cryptocurrencies to the hackers behind a ransomware attack on June 1. According to CBS San Francisco, the UCSF IT staff first detected the security incident, stating that the attack launched by NetWalker group affected “a limited number of servers in the School of Medicine.” Although the areas were isolated by experts from the internal network, the hackers left the servers inaccessible and managed to deploy the ransomware successfully. A statement published by the University of California said: “The data that was encrypted is …
Technology / June 30, 2020
LG and Mitsubishi Hit by Ransomware Attacks, Data Leak ‘Coming Soon’
Two ransomware gangs reportedly attacked the electronics giant, LG, and Japanese multinational car manufacturer, Mitsubishi. The hackers are now threatening both companies with data leaks. Screenshots posted to the gang’s blog show several files, as well as source code from the attack. No official statement from LG yet As of press time, the electronics giant has not addressed the incident officially. A statement from the ransomware gang alleges that the hackers managed to steal over 40GB of source code from the manufacturer. However, Brett Callow, threat analyst and ransomware expert at malware lab Emsisoft, stated that the alleged proofs don’t …
Technology / June 26, 2020
Report: Ransom Costs for Stolen Data Rose 200% From 2018 to 2019
On average, the ransom demanded by cryptocurrency ransomware hackers increased by 200% from 2018 to 2019. According to a report published on June 5 by cybersecurity firm Crypsis Group, the average ransom demanded by cryptocurrency ransomware groups in 2019 reached $115,123. The median ransom, on the other hand, increased by 300% from 2018’s first quarter to the last quarter to 2019, reaching over $21,700. According to Crypsis Group, ransoms have grown as hackers increasingly target enterprises and select victims who are able to pay higher sums. Just yesterday, Cointelegraph reported that ST Engineering Aerospace’s United States subsidiary fell victim to …
Technology / June 8, 2020
Ransomware Gang Steals 10TB of Pics and Data From Canon
Multinational corporation Canon reportedly fell victim to a ransomware attack launched by Maze group against its email and storage services and its United States website on July 30. Maze has threatened to leak the pics and data if a crypto ransom is not paid. The image.canon site was out for six days, during which it showed updates. It went back into service on Aug. 4. Canon put out a statement that day about the attack, saying there had been no leak of image data, nor thumbnails of the photos stored in its cloud service. However, the severity of the attack …
Technology / Aug. 6, 2020