REvil Criminal Ransomware Syndicate Attacks Spanish State-Owned Railway Operator Again!

As world-wide concern continues to grow over the threat of potential attacks on critical infrastructure, REvil goes after and bites a Railway Operator once again! The Daily Swig reports that the criminals propagating the REvil/Sodinokibi ransomware struck Adif, Spain’s Administrator of Railway Infrastructure, for a second time.

Now they've threatened a third attack if Adif doesn’t comply with their ransom demands. They continue to publish limited amounts of data to keep the pressure on. These low-lifes seem to be as persistent as a Komodo dragon tracking down and latching onto its prey.

According to Adif's site, it is in charge of administering rail infrastructure (tracks, stations, freight terminals, etc.), managing rail traffic, distributing capacity to rail operators, and collecting fees for infrastructure, station and freight terminal use.

Since Adif is in charge of critical rail infrastructure, they have a big target on their back and REvil is trying hard to take advantage of it.  The agency confirmed in a statement to the Daily Swig that they had suffered a ransomware attack but emphasized that none of the critical infrastructure is affected. 

The Daily Swig says, “this incident came after two previously successful campaigns against the infrastructure group, during which the attackers claimed they took 800 GB of data, including personal information and accounting figures.”

A statement from the threat actors posted online reads: “We advise you to get in touch immediately. We have personal information including correspondence, contracts and other accounting (total 800 gigabytes of data).”  

The “attackers also threatened to launch a third cyber-attack if Adif did not comply with its demands.”  

“Simultaneously with the publication, the third attack will follow,” the message reads.

“If you do not comply with our terms, your data will be published in the public domain. We will continue to download your data until you contact us.”

REvil uses a ransomware-as-a-service (RaaS) model, and its attack methods include exploiting known security vulnerabilities and phishing campaigns. They also adopted the “wall of shame” technique, releasing limited amounts of data to twist their victims' arms. You should assume that most ransomware attacks are data breaches and that intruders are hanging quietly in your network collecting your data as leverage in case you don’t pay.

You need to inoculate your users against social engineering attacks and phish them regularly to build an effective human firewall. The Daily Swig has the story.


Ransomware Has Gone Nuclear, How Can You Avoid Becoming The Next Victim?

There is a reason more than half of today’s ransomware victims end up paying the ransom. Cyber-criminals have become thoughtful, taking time to maximize your organization’s potential damage and their payoff.

After achieving root access, the bad guys explore your network, reading email and finding data troves. Once they know you, they craft a plan to cause the most panic, pain, and operational disruption. Ransomware has gone nuclear.

Join us for this webinar, where Roger Grimes, KnowBe4’s Data-Driven Defense Evangelist, dives into:

  • Why data backups (even offline backups) won’t save you
  • Evolved threats from data-theft, credential leaks, and corporate impersonation
  • Why ransomware isn’t your real problem
  • How your end users can become your best, last line of defense
