As worldwide concern continues to grow over the threat of attacks on critical infrastructure, REvil has gone after a railway operator yet again. The Daily Swig reports that the criminals behind the REvil/Sodinokibi ransomware struck Adif, Spain's administrator of railway infrastructure, for a second time.
Now they have threatened a third attack if Adif does not comply with their ransom demands, and they continue to publish limited amounts of stolen data to keep the pressure on. These low-lifes are as persistent as a Komodo dragon tracking down and latching onto its prey.
According to Adif's site, it is in charge of administering rail infrastructure (tracks, stations, freight terminals, etc.), managing rail traffic, distributing capacity to rail operators, and collecting fees for the use of infrastructure, stations and freight terminals.
Because Adif runs critical rail infrastructure, it has a big target on its back, and REvil is trying hard to take advantage of that. The agency confirmed in a statement to the Daily Swig that it had suffered a ransomware attack, but emphasized that none of its critical infrastructure was affected.
The Daily Swig says, “this incident came after two previously successful campaigns against the infrastructure group, during which the attackers claimed they took 800 GB of data, including personal information and accounting figures.”
A statement from the threat actors posted online reads: “We advise you to get in touch immediately. We have personal information including correspondence, contracts and other accounting (total 800 gigabytes of data).”
The “attackers also threatened to launch a third cyber-attack if Adif did not comply with its demands.”
“Simultaneously with the publication, the third attack will follow,” the message reads.
“If you do not comply with our terms, your data will be published in the public domain. We will continue to download your data until you contact us.”
REvil operates a ransomware-as-a-service (RaaS) model, and its affiliates' attack methods include exploiting known, unpatched security vulnerabilities and running phishing campaigns. The group also adopted the “wall of shame” technique: releasing limited amounts of stolen data on a leak site to twist their victims' arms. You should assume that most ransomware attacks are also data breaches, and that the intruders have been sitting quietly in your network collecting your data as leverage in case you don't pay.
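The practical consequence of "they are collecting your data as leverage" is that the exfiltration phase usually precedes the encryption phase and is visible in egress logs if anyone is looking. The following is an added example (not code from the original post, the Daily Swig, or Adif) that flags internal hosts pushing unusually large volumes to external destinations within a sliding time window. The log format, the internal address ranges, the `.corp.example` domain suffix and the sample lines are all constructed assumptions for illustration; adapt the parser to your proxy or flow records.

```python
"""Flag internal hosts moving unusually large volumes to external destinations.

Added example, not from the original post. Assumes a constructed,
simplified egress log format, one event per line:
    <ISO timestamp> <src_ip> <dst_host_or_ip> <bytes_out>
"""
from collections import defaultdict
from datetime import datetime, timedelta
import ipaddress

# Constructed sample log lines (not real Adif or REvil data).
# 10.20.4.15 pushes ~2.2 GB to one external host inside 25 minutes
# in the middle of the night; 10.20.7.3 is ordinary daytime browsing.
SAMPLE_LOG = """\
2020-07-21T01:05:12 10.20.4.15 sync.updates.example.com 120000000
2020-07-21T01:11:40 10.20.4.15 sync.updates.example.com 950000000
2020-07-21T01:30:02 10.20.4.15 sync.updates.example.com 1100000000
2020-07-21T02:40:19 10.20.4.15 10.20.1.9 800000000
2020-07-21T09:02:55 10.20.7.3 intranet.corp.example 4500000
2020-07-21T09:15:10 10.20.7.3 www.example.org 2300000
"""

# Assumed internal ranges and internal DNS suffix (RFC 1918 plus a made-up domain).
INTERNAL_NETS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]
INTERNAL_SUFFIX = ".corp.example"


def is_internal(dst):
    """True if the destination is an internal IP or an internal hostname."""
    try:
        addr = ipaddress.ip_address(dst)
    except ValueError:
        return dst.endswith(INTERNAL_SUFFIX)
    return any(addr in net for net in INTERNAL_NETS)


def parse_lines(log_text):
    """Yield (timestamp, src, dst, bytes_out) tuples, skipping malformed lines."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts_str, src, dst, nbytes = parts
        try:
            yield datetime.fromisoformat(ts_str), src, dst, int(nbytes)
        except ValueError:
            continue


def flag_exfil_candidates(log_text, threshold_bytes, window=timedelta(hours=2)):
    """Return {src_ip: peak_bytes} for sources whose outbound bytes to external
    destinations, summed over any sliding window of length `window`, reach
    `threshold_bytes`. Internal-to-internal traffic is ignored so that backups
    and file-server copies do not trip the alert."""
    per_src = defaultdict(list)
    for ts, src, dst, nbytes in parse_lines(log_text):
        if not is_internal(dst):
            per_src[src].append((ts, nbytes))

    flagged = {}
    for src, events in per_src.items():
        events.sort()                      # chronological order per source
        total, start, peak = 0, 0, 0
        for ts, nbytes in events:
            total += nbytes
            # Drop events that fell out of the trailing window.
            while ts - events[start][0] > window:
                total -= events[start][1]
                start += 1
            peak = max(peak, total)
        if peak >= threshold_bytes:
            flagged[src] = peak
    return flagged


if __name__ == "__main__":
    # 1 GB in two hours from a single workstation is a reasonable starting
    # threshold for user subnets; tune it per network segment.
    for src, peak in flag_exfil_candidates(SAMPLE_LOG, 1_000_000_000).items():
        print(f"possible staging/exfiltration: {src} sent {peak} bytes externally")
```

On the constructed sample this flags only 10.20.4.15, because its 800 MB transfer to 10.20.1.9 is internal and is excluded, while its three transfers to the external host fall inside one two-hour window. A real deployment would key the threshold on the host's role and baseline, and would pair this with the complementary signal of archive tools (7-Zip, WinRAR, rclone) suddenly appearing on servers that never ran them before.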
You need to inoculate your users against social engineering attacks and phish them regularly to build an effective human firewall. The Daily Swig has the story.