REvil ransomware operators successfully targeted Spanish state-owned railway operator Administrador de Infraestructuras Ferroviarias (Adif) last week.
The bad actors claimed to have exfiltrated around 800 GB of data from Adif’s servers, including personal information, letters, contracts, and account information of the company.
As proof, the cybercriminals posted a sample of the stolen data on their underground website. Although Adif said its security team controlled the ransomware attack, the cybercriminals said they will continue to exfiltrate data from the company’s servers unless their ransom demands are met.
“Simultaneously with the publication, the third attack will follow,” REvil operators said. “We advise you to get in touch immediately. We have personal information including correspondence, contracts and other accounting (total 800 gigabytes of data). If you do not comply with our terms, your data will be published in the public domain. We will continue to download your data until you contact us.”
In a statement to the International Railway Journal (IRJ), Adif said its “infrastructure has not been affected at any time, and the correct functioning of all of its services has been guaranteed.”
“Adif, aware of being the manager of a critical infrastructure such as the exploitation of the railway network, considers cybersecurity as one of the pillars of comprehensive security,” the statement reads.
Details on how the criminals managed to breach the security of the railway infrastructure manager are yet to be revealed. What we do know, however, is that REvil has added some big names to its list of victims. The gang has been prolific this year, compromising Travelex, Grubman Shire Meiselas & Sacks, Aussie beverage manufacturer Lion, a Brazilian power company and Telecom Argentina, one of the largest Internet service providers in the country.
The ransom demands received by Adif also remain unknown, but it’s recommended never to give in to such ultimatums. Recently, ransomware gangs haven’t limited their malicious actions to encrypting their victims’ data, but instead focus on publicly extorting them by threatening to leak their confidential data online.