Stadler Rail, the railway vehicle manufacturer, says it has been attacked by malware that forced its systems to go offline.
Stadler Rail is a Swiss manufacturer of railway rolling stock, with an emphasis on regional train multiple units and trams. It is headquartered in Bussnang, Switzerland.
Stadler Rail is also focused on niche products and is one of the last European manufacturers of rack railway rolling stock. The holding company consists of nine subsidiaries with locations in Algeria, Germany, Italy, the Netherlands, Austria, Poland, Switzerland, Spain, Czech Republic, Hungary, Belarus, and the United States.
Last week, the Swiss manufacturer announced that what appears to be a professional threat actor was able to compromise its network with malware and to exfiltrate an unknown amount of data.
“Stadler internal surveillance services found out that the company’s IT network has been attacked by malware which has most likely led to a data leak. The scale of this leak has to be further analyzed,” the company said in a press release.
The company said that as soon as it learned of the attack, it engaged an external team to launch an investigation into the matter and took the necessary steps. The company did not provide details on the type of malware used in the attack but revealed that the miscreants were attempting to extort money from Stadler by threatening to make stolen data public, in an attempt to “harm Stadler and thereby also its employees”.
Stadler also revealed that the affected systems were being rebooted, and underlined that its backup systems are functioning. The company’s mention of systems having to be restored and of backup data suggests that ransomware might have been used in the attack.
Ransomware operators such as those behind Maze have been stealing victim data and have attempted to extort more money by threatening to make it public in the event a ransom is not paid, and the attack described by Stadler fits the pattern.
The company said that the authorities are looking into the matter and will sort it out soon.
With the situation all over the world keeping people at home, hackers have started attacking whichever companies they want and selling the data on the dark web. If you follow cybersecurity news, you will be aware of the attacks that happened this week, which included GoDaddy, Microsoft, some private companies, law firms, and even Facebook. Hence, we suggest you enable two-factor authentication on your systems to avoid such attacks.