Railway rolling stock manufacturer Stadler Rail is currently investigating a malware attack that has forced some of its networks offline.
Headquartered in Bussnang, Switzerland, the company manufactures a variety of trains (high-speed, intercity, regional and commuter heavy rail, underground and tram) and trams, and has approximately 11,000 employees at more than 40 sites.
The Swiss manufacturer announced last week that what appears to be a professional threat actor was able to compromise its network with malware and exfiltrate an unknown amount of data.
“Stadler’s internal surveillance services discovered that malware targeted the company’s IT network which most likely led to a data leak. The size of this leak has to be evaluated further,” the firm said in a press release.
The company did not provide information on the type of malware used in the attack, but revealed that the miscreants were trying to extort money from Stadler by threatening to publicize stolen data in an effort to “damage Stadler and his employees as well.”
The organization said it took immediate measures to contain the incident and that it had worked with an external committee to launch an inquiry into the matter. Authorities have also been notified.
Stadler also announced the rebooting of the affected systems and stressed that its backup systems are functioning.
The company’s mention of restored systems and backup data indicates ransomware may have been used in the attack.
Ransomware operators like those behind Maze have been stealing victim data and trying to extort more money by threatening to make it public if a ransom is not paid, and the attack on Stadler fits the trend.