International rail vehicle manufacturer, Stadler, disclosed a security breach that might have also allowed the attackers to steal company data.
Attackers confirmed that attackers compromised the IT network of the company and deployed some of its machines with malware that was used to exfiltrate data from the infected devices.
“Stadler internal surveillance services found out that the company’s IT network has been attacked by malware which has most likely led to a data leak. The scale of this leak has to be further analyzed. Stadler assumes
that this incident was caused by a professional attack from unknown offenders.” reads the data breach notification published by the company.
The company revealed that intruders asked for a large amount of money and are attempting to blackmail Stadler by threatening to release the stolen data.
“The offenders try to extort a large amount of money from Stadler and threaten the company with a potential publication of data to harm
Stadler and thereby also its employees.” continues the notification. “Stadler initiated the required security actions immediately, a team of external experts was called in and the responsible authorities were involved. The company’s backup data are complete and functioning. All affected systems are being rebooted.”
The rail vehicle manufacturer is investigating the incident with the help of external security experts.
Stadler did not pay the ransom and has resumed operations by restoring its backups.
The Swiss website Tagblatt confirmed that that the cyber attack impacted all the locations of the group.
“The IT network of the rail vehicle manufacturer Stadler has been attacked with malware.” reported the Swiss media. “There was a high probability of an outflow of data that was not yet known,” as the company headquartered in Bussnang announced on Thursday evening. Stadler is assuming “a professional attack”.
“The whole group is affected by the cyber attack”, including the many other locations in Switzerland and abroad. Now check whether you are also reporting in other countries. In Switzerland, Stadler also has locations in Altenrhein, St.Margrethen, Erlen, Winterthur, Wallisellen and Biel.” said company spokeswoman Marina Winder.
The rail vehicle manufacturer has filed a complaint with the Thurgau public prosecutor.
“Despite the corona pandemic and cyber attacks, the continuation of the production of new trains and Stadler’s services is guaranteed,” the company added.
Please vote Security Affairs for European Cybersecurity Blogger Awards – VOTE FOR YOUR WINNERS
(SecurityAffairs – hacking, ransomware)