The REvil rescue band stole more than 800 GB of data from ADIF, the Spanish state railway infrastructure administrator, after a successful attack on its systems.
According to El Español, the author of the cyber attack belongs to the well-known rescue band after they published an entry on July 22 on REvil’s official Darknet website, in which they boasted of adding another victim.
The cybercriminals claimed to have captured more than 800 GB of data from Bitcoin Millionaire servers, although it is not confirmed how they managed to breach the security of the Madrid-based rail infrastructure manager.
Most malicious ransomware attacks require payments in crypto currencies
REvil did not reveal any further information on the type of data they stole, but a screenshot posted by the band on the blog post shows some files that could contain personal data, letters, contracts and ADIF account information.
The vulnerability may not have been patched yet
The report states that the ransomware band claims to have the ability to continue downloading data from ADIF’s computer systems, suggesting that the attack is still ongoing due to a vulnerability that has not been patched so far if they do not pay the requested ransom, which is unknown at press time.
U.S. Secret Service Issues Ransomware Warning
However, the Spanish state-owned company issued a comment on the attack:
„At no time has the infrastructure been affected, always guaranteeing the proper functioning of all our services. Adif, aware of being the manager of a critical infrastructure such as the operation of the railway network, considers cyber security as one of the pillars of integral security“.
Recently, REvil launched another series of attacks targeting three companies in the US and Canada. They have leaked data from two of the companies and threatened to reveal sensitive data from the third.
Ransomware: Argentina’s Telecom Hacked and Ransomed in Monero
In addition, Cointelegraph reported on June 12 that the gang leaked sensitive documents stolen from a U.S.-based robotics company. According to an official REvil blog on June 11, the team has begun leaking confidential data from Symbotic LLC.