Cyber Crime

Spanish state-owned railway infrastructure manager ADIF infected with ransomware

ADIF, a Spanish state-owned railway infrastructure manager under the responsibility of the Ministry of Development, was hit by REVil ransomware operators.

Administrador de Infraestructuras Ferroviarias (ADIF), a Spanish state-owned railway infrastructure manager was hit by REVil ransomware operators.

ADIF (Administrador de Infraestructuras Ferroviarias) is charged with the management of most of Spain’s railway infrastructure, that is the track, signaling and stations. It was formed in 2005 in response to European Union requirements to separate the natural monopoly of infrastructure management from the competitive operations of running train services.

The company has over 13,000 employees for a revenue of around $8 Billion.

The hackers claimed to have stolen 800GB of data including correspondence and contracts.

The incident was confirmed by Spanish media and security firms, including threat intelligence company Cyble.

As proof of the attack, REVil ransomware operators have posted a sample of data files exfiltrated from the company. If ADIF will refuse to pay the ransom, REvil ransomware operators will leak their confidential data online.

“Simultaneously with the publication, the third attack will follow,” the reads a message posted on their leak site. “We will continue to download your data until you contact us.”

Adif confirmed to IRJ that it has suffered a ransomware attack and added that its internal security services immediately mitigated it.

“The infrastructure has not been affected at any time, and the correct functioning of all its services has been guaranteed,” the company says. “Adif, aware of being the manager of a critical infrastructure such as the exploitation of the railway network, considers cybersecurity as one of the pillars of comprehensive security.”

“As per Cyble Research Team, the operators may have downloaded, what seems to be the company’s confidential data such as ADIF’s high-speed hiring committee contracts, property records, field works reports, project action plans, documents about customers, and much more.” reads the post published by Cyble.

Below one of the sample data leaked by the threat actors:

This week REVil ransomware operators also hit Telecom Argentina, one of the largest internet service providers in Argentina, infecting roughly 18,000 computers during the weekend and now are asking for a $7.5 million ransom.

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, ADIF)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Recent Posts

New Atrium Health data breach impacts 585,000 individuals

Atrium Health disclosed a data breach affecting 585,000 individuals to the HHS, potentially linked to…

3 hours ago

U.S. CISA adds CyberPanel flaw to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds CyberPanel flaw to its Known Exploited Vulnerabilities catalog.…

12 hours ago

Hundred of CISCO switches impacted by bootloader flaw

A bootloader vulnerability in Cisco NX-OS affects 100+ switches, allowing attackers to bypass image signature…

23 hours ago

Burnout in SOCs: How AI Can Help Analysts Focus on High-Value Tasks<gwmw style="display:none;"></gwmw>

SOC analysts, vital to cybersecurity, face burnout due to exhausting workloads, risking their well-being and…

1 day ago

Operation Destabilise dismantled Russian money laundering networks

Operation Destabilise: The U.K. National Crime Agency disrupted Russian money laundering networks tied to organized…

1 day ago

Russia-linked APT Secret Blizzard spotted using infrastructure of other threat actors

Russia-linked APT group Secret Blizzard has used the tools and infrastructure of at least 6…

2 days ago

This website uses cookies.